| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Network.Wai.Middleware.RequestSizeLimit
Description
The functions in this module allow you to limit the total size of incoming request bodies.
Limiting incoming request body size helps protect your server against denial-of-service (DOS) attacks, in which an attacker sends huge bodies to your server.
Synopsis
- requestSizeLimitMiddleware :: RequestSizeLimitSettings -> Middleware
- defaultRequestSizeLimitSettings :: RequestSizeLimitSettings
- data RequestSizeLimitSettings
- setMaxLengthForRequest :: (Request -> IO (Maybe Word64)) -> RequestSizeLimitSettings -> RequestSizeLimitSettings
- setOnLengthExceeded :: (Word64 -> Middleware) -> RequestSizeLimitSettings -> RequestSizeLimitSettings
Middleware
requestSizeLimitMiddleware :: RequestSizeLimitSettings -> Middleware Source #
Middleware to limit request bodies to a certain size.
This uses requestSizeCheck under the hood; see that function for details.
Since: 3.1.1
Constructing RequestSizeLimitSettings
defaultRequestSizeLimitSettings :: RequestSizeLimitSettings Source #
Create a RequestSizeLimitSettings with these settings:
- 2MB size limit for all requests
- When the limit is exceeded, return a plain text response describing the error, with a 413 status code.
Since: 3.1.1
RequestSizeLimitSettings and accessors
data RequestSizeLimitSettings Source #
Settings to configure requestSizeLimitMiddleware.
This type (but not the constructor, or record fields) is exported from Network.Wai.Middleware.RequestSizeLimit.
Since the constructor isn't exported, create a default value with defaultRequestSizeLimitSettings first,
then set the values using setMaxLengthForRequest and setOnLengthExceeded (See the examples below).
If you need to access the constructor directly, it's exported from Network.Wai.Middleware.RequestSizeLimit.Internal.
Examples
Conditionally setting the limit based on the request
{-# LANGUAGE OverloadedStrings #-}
import Network.Wai
import Network.Wai.Middleware.RequestSizeLimit
let megabyte = 1024 * 1024
let sizeForReq req = if pathInfo req == ["upload", "image"] then pure $ Just $ megabyte * 20 else pure $ Just $ megabyte * 2
let finalSettings = setMaxLengthForRequest sizeForReq defaultRequestSizeLimitSettingsJSON response
{-# LANGUAGE OverloadedStrings #-}
import Network.Wai
import Network.Wai.Middleware.RequestSizeLimit
import Network.HTTP.Types.Status (requestEntityTooLarge413)
import Data.Aeson
import Data.Text (Text)
let jsonResponse = \_maxLen _app _req sendResponse -> sendResponse $ responseLBS requestEntityTooLarge413 [("Content-Type", "application/json")] (encode $ object ["error" .= ("request size too large" :: Text)])
let finalSettings = setOnLengthExceeded jsonResponse defaultRequestSizeLimitSettingsSince: 3.1.1
setMaxLengthForRequest :: (Request -> IO (Maybe Word64)) -> RequestSizeLimitSettings -> RequestSizeLimitSettings Source #
Function to determine the maximum request size in bytes for the request. Return Nothing for no limit.
Since: 3.1.1
setOnLengthExceeded :: (Word64 -> Middleware) -> RequestSizeLimitSettings -> RequestSizeLimitSettings Source #
Callback function when maximum length is exceeded. The Word64 argument is the limit computed by setMaxLengthForRequest.
Since: 3.1.1