Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
The functions in this module allow you to limit the total size of incoming request bodies.
Limiting incoming request body size helps protect your server against denial-of-service (DOS) attacks, in which an attacker sends huge bodies to your server.
Synopsis
- requestSizeLimitMiddleware :: RequestSizeLimitSettings -> Middleware
- defaultRequestSizeLimitSettings :: RequestSizeLimitSettings
- data RequestSizeLimitSettings
- setMaxLengthForRequest :: (Request -> IO (Maybe Word64)) -> RequestSizeLimitSettings -> RequestSizeLimitSettings
- setOnLengthExceeded :: (Word64 -> Middleware) -> RequestSizeLimitSettings -> RequestSizeLimitSettings
Middleware
requestSizeLimitMiddleware :: RequestSizeLimitSettings -> Middleware Source #
Middleware to limit request bodies to a certain size.
This uses requestSizeCheck
under the hood; see that function for details.
Since: 3.1.1
Constructing RequestSizeLimitSettings
defaultRequestSizeLimitSettings :: RequestSizeLimitSettings Source #
Create a RequestSizeLimitSettings
with these settings:
- 2MB size limit for all requests
- When the limit is exceeded, return a plain text response describing the error, with a 413 status code.
Since: 3.1.1
RequestSizeLimitSettings
and accessors
data RequestSizeLimitSettings Source #
Settings to configure requestSizeLimitMiddleware
.
This type (but not the constructor, or record fields) is exported from Network.Wai.Middleware.RequestSizeLimit.
Since the constructor isn't exported, create a default value with defaultRequestSizeLimitSettings
first,
then set the values using setMaxLengthForRequest
and setOnLengthExceeded
(See the examples below).
If you need to access the constructor directly, it's exported from Network.Wai.Middleware.RequestSizeLimit.Internal.
Examples
Conditionally setting the limit based on the request
{-# LANGUAGE OverloadedStrings #-} import Network.Wai import Network.Wai.Middleware.RequestSizeLimit let megabyte = 1024 * 1024 let sizeForReq req = if pathInfo req == ["upload", "image"] then pure $ Just $ megabyte * 20 else pure $ Just $ megabyte * 2 let finalSettings = setMaxLengthForRequest sizeForReq defaultRequestSizeLimitSettings
JSON response
{-# LANGUAGE OverloadedStrings #-} import Network.Wai import Network.Wai.Middleware.RequestSizeLimit import Network.HTTP.Types.Status (requestEntityTooLarge413) import Data.Aeson import Data.Text (Text) let jsonResponse = \_maxLen _app _req sendResponse -> sendResponse $ responseLBS requestEntityTooLarge413 [("Content-Type", "application/json")] (encode $ object ["error" .= ("request size too large" :: Text)]) let finalSettings = setOnLengthExceeded jsonResponse defaultRequestSizeLimitSettings
Since: 3.1.1
setMaxLengthForRequest :: (Request -> IO (Maybe Word64)) -> RequestSizeLimitSettings -> RequestSizeLimitSettings Source #
Function to determine the maximum request size in bytes for the request. Return Nothing
for no limit.
Since: 3.1.1
setOnLengthExceeded :: (Word64 -> Middleware) -> RequestSizeLimitSettings -> RequestSizeLimitSettings Source #
Callback function when maximum length is exceeded. The Word64
argument is the limit computed by setMaxLengthForRequest
.
Since: 3.1.1