How to prevent POST spamming in node.js Express using busboy?

I am following the example here: https://www.npmjs.com/package/busboy

I am worried that someone may deliberately try to overload the server. I wonder if there is a convenient way, before the data is uploaded, to prevent spamming by measuring the size of the entire POST body, not just the file(s) uploaded. I tried the following, which apparently didn't work:

if (JSON.stringify(req.body).length > 5 * 1024 * 1024) res.redirect('/');

You cannot rely on Content-Length being set. Even if it were set, if the person was acting maliciously, they either may use an incorrect Content-Length or they may use Transfer-Encoding: chunked, in which case there is no way to tell how large the request body is.

Additionally, calling stringify() every time on req.body could easily cause a DoS-style attack as well.

However, busboy does have several options for limiting various aspects of application/x-www-form-urlencoded and multipart/form-data requests (e.g. max file size, max number of files, etc.).

You might also limit the parsing of request bodies to routes where you're expecting request bodies, instead of trying to parse request bodies for all requests.
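
The answer's points about Content-Length and chunked bodies, as an added example that is not part of the original answer: it refuses an oversized declared length up front, then counts the bytes actually received while piping into the parser. The function names, the `makeParser` factory (which would return a busboy instance configured with its own limits) and the 5 MiB cap are assumptions.

```javascript
// Added example, not from the original answer. Function names and the
// 5 MiB cap (taken from the question's snippet) are assumptions.
const MAX_BODY_BYTES = 5 * 1024 * 1024;

// Header-only check: refuse an oversized declared length before reading
// any body. A missing Content-Length (chunked transfer) passes this step.
function precheck(headers, maxBytes = MAX_BODY_BYTES) {
  const declared = headers['content-length'];
  if (declared === undefined) return { ok: true, declared: null };
  if (!/^\d+$/.test(declared)) return { ok: false, status: 400 };
  const n = Number(declared);
  if (n > maxBytes) return { ok: false, status: 413 };
  return { ok: true, declared: n };
}

// Counts bytes actually received, whatever the headers claimed.
function createByteCounter(maxBytes = MAX_BODY_BYTES) {
  let seen = 0;
  return {
    accept(chunk) { seen += chunk.length; return seen <= maxBytes; },
    total() { return seen; },
  };
}

// Pipe req into a parser and cut it off once the cap is crossed. Listener
// and pipe are attached in the same call, so no data flows before both exist.
function pipeWithCap(req, dest, maxBytes, onTooLarge) {
  const counter = createByteCounter(maxBytes);
  function onData(chunk) {
    if (counter.accept(chunk)) return;
    req.removeListener('data', onData);
    req.unpipe(dest);            // no further chunks reach the parser
    onTooLarge(counter.total());
  }
  req.on('data', onData);
  return req.pipe(dest);
}

// Route handler for a path that expects an upload. makeParser is a
// hypothetical factory returning the body parser (e.g. a busboy instance).
function handleUpload(req, res, makeParser) {
  const pre = precheck(req.headers);
  if (!pre.ok) { res.statusCode = pre.status; return res.end(); }
  pipeWithCap(req, makeParser(req), MAX_BODY_BYTES, () => {
    res.statusCode = 413;
    res.setHeader('Connection', 'close'); // socket closes after the reply
    res.end();
  });
}
```

Mounting `handleUpload` only on the upload route keeps other routes from parsing bodies at all, as the answer suggests.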
