As discussed by
Ovid at
Preventing DOS attacks with CGI.pm, one of the key elements of all code employing
CGI is the definition of
$CGI::POST_MAX, thereby limiting the maximum accepted size of the submitted request entity. If this value, defined in bytes, is exceeded by the HTTP request, the result is the generation of a request entity too large error upon initiation of the
CGI object that is returned to the HTTP client.
In a reply to my post here, Hero Zzyzzx asked how a more custom error handling response for over-sized requests could be incorporated into code - The result, with some liberties taken from the CGI module, is the code below:
#!/usr/bin/perl -Tw
use CGI;
use strict;
BEGIN {
my $POST_MAX = 512 * 1024;
my $content_length = defined $ENV{'CONTENT_LENGTH'} ? $ENV{'CONTEN
+T_LENGTH'} : 0;
if ( ($POST_MAX > 0) && ($content_length > $POST_MAX) ) {
# custom request entity too large error handling
}
}