diff --git a/docs/node-configuration.md b/docs/node-configuration.md index 3648108fd..1c14bc76a 100644 --- a/docs/node-configuration.md +++ b/docs/node-configuration.md @@ -188,6 +188,7 @@ RPC: MaxFindStoragePageSize: 50 MaxNEP11Tokens: 100 MaxRequestBodyBytes: 5242880 + MaxRequestHeaderBytes: 1048576 MaxWebSocketClients: 64 SessionEnabled: false SessionExpirationTime: 15 @@ -228,6 +229,8 @@ where: `getnep11balances` call. - `MaxRequestBodyBytes` - the maximum allowed HTTP request body size in bytes (5MB by default). +- `MaxRequestHeaderBytes` - the maximum allowed HTTP request header size in bytes + (1MB by default). - `MaxWebSocketClients` - the maximum simultaneous websocket client connection number (64 by default). Attempts to establish additional connections will lead to websocket handshake failures. Use "-1" to disable websocket diff --git a/pkg/config/config.go b/pkg/config/config.go index 4faf31a98..cd2c157c3 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -3,6 +3,7 @@ package config import ( "bytes" "fmt" + "net/http" "os" "time" @@ -33,6 +34,9 @@ const ( // DefaultMaxRequestBodyBytes is the default maximum allowed size of HTTP // request body in bytes. DefaultMaxRequestBodyBytes = 5 * 1024 * 1024 + // DefaultMaxRequestHeaderBytes is the maximum permitted size of the headers + // in an HTTP request. + DefaultMaxRequestHeaderBytes = http.DefaultMaxHeaderBytes ) // Version is the version of the node, set at the build time. diff --git a/pkg/config/rpc_config.go b/pkg/config/rpc_config.go index b0c62bf3a..c9b0a1630 100644 --- a/pkg/config/rpc_config.go +++ b/pkg/config/rpc_config.go @@ -17,6 +17,7 @@ type ( MaxFindStorageResultItems int `yaml:"MaxFindStoragePageSize"` MaxNEP11Tokens int `yaml:"MaxNEP11Tokens"` MaxRequestBodyBytes int `yaml:"MaxRequestBodyBytes"` + MaxRequestHeaderBytes int `yaml:"MaxRequestHeaderBytes"` MaxWebSocketClients int `yaml:"MaxWebSocketClients"` SessionEnabled bool `yaml:"SessionEnabled"` SessionExpirationTime int `yaml:"SessionExpirationTime"` diff --git a/pkg/services/rpcsrv/server.go b/pkg/services/rpcsrv/server.go index 2ec692cb6..6e7a6ff55 100644 --- a/pkg/services/rpcsrv/server.go +++ b/pkg/services/rpcsrv/server.go @@ -267,25 +267,6 @@ var rpcWsHandlers = map[string]func(*Server, params.Params, *subscriber) (any, * // untyped nil or non-nil structure implementing OracleHandler interface. func New(chain Ledger, conf config.RPC, coreServer *network.Server, orc OracleHandler, log *zap.Logger, errChan chan<- error) Server { - addrs := conf.Addresses - httpServers := make([]*http.Server, len(addrs)) - for i, addr := range addrs { - httpServers[i] = &http.Server{ - Addr: addr, - } - } - - var tlsServers []*http.Server - if cfg := conf.TLSConfig; cfg.Enabled { - addrs := cfg.Addresses - tlsServers = make([]*http.Server, len(addrs)) - for i, addr := range addrs { - tlsServers[i] = &http.Server{ - Addr: addr, - } - } - } - protoCfg := chain.GetConfig().ProtocolConfiguration if conf.SessionEnabled { if conf.SessionExpirationTime <= 0 { @@ -317,6 +298,10 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server, conf.MaxRequestBodyBytes = config.DefaultMaxRequestBodyBytes log.Info("MaxRequestBodyBytes is not set or wong, setting default value", zap.Int("MaxRequestBodyBytes", config.DefaultMaxRequestBodyBytes)) } + if conf.MaxRequestHeaderBytes <= 0 { + conf.MaxRequestHeaderBytes = config.DefaultMaxRequestHeaderBytes + log.Info("MaxRequestHeaderBytes is not set or wong, setting default value", zap.Int("MaxRequestHeaderBytes", config.DefaultMaxRequestHeaderBytes)) + } if conf.MaxWebSocketClients == 0 { conf.MaxWebSocketClients = defaultMaxWebSocketClients log.Info("MaxWebSocketClients is not set or wrong, setting default value", zap.Int("MaxWebSocketClients", defaultMaxWebSocketClients)) @@ -329,6 +314,28 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server, if conf.EnableCORSWorkaround { wsOriginChecker = func(_ *http.Request) bool { return true } } + + addrs := conf.Addresses + httpServers := make([]*http.Server, len(addrs)) + for i, addr := range addrs { + httpServers[i] = &http.Server{ + Addr: addr, + MaxHeaderBytes: conf.MaxRequestHeaderBytes, + } + } + + var tlsServers []*http.Server + if cfg := conf.TLSConfig; cfg.Enabled { + addrs := cfg.Addresses + tlsServers = make([]*http.Server, len(addrs)) + for i, addr := range addrs { + tlsServers[i] = &http.Server{ + Addr: addr, + MaxHeaderBytes: conf.MaxRequestHeaderBytes, + } + } + } + return Server{ http: httpServers, https: tlsServers,