client_max_body_size param coming

Eric Wong normalperson at
Thu Apr 29 21:36:53 EDT 2010

Hi all,

There are currently no limits to the size of an HTTP request body.

I'm leaning towards making the default limit 1 megabyte (same as nginx).
This means if you're currently running Rainbows! and processing large
uploads, upgrading to a future version will require you to configure
this parameter.

I'm adding this because it's possible for somebody with a high bandwidth
connection to run your server out of disk space.  This is because Rack
(unfortunately) requires request bodies to be rewindable.

This primarily affects the EventMachine, NeverBlock and Rev backends.
They buffer the entire request body before dispatching to the Rack app,
so there's no chance for middleware to intercept calls to "rack.input"
to avoid the flood.

The rest of the concurrency models that use TeeInput never actually read
request bodies off the socket until the data is needed (though
Rack::Request used by most apps will also read it for POST params),
so I'm thinking about introducing middleware to wrap TeeInput and
have it automatically added to the stack.

I don't like automatically throwing middleware into things, but
I think having consistent behavior for:

   Rainbows! do
     use :Foo
     client_max_body_size 10*1024*1024

is important, as it only involves reconfiguring Rainbows!

Rainbows! will would return a "413 Request Entity Too Large" error in
cases when the body is too large and close the connection.

This will only affect Rainbows! and Zbatery.  I won't add this to
Unicorn since Unicorn was only designed to run behind nginx (and trusted
local clients).  Since Unicorn always uses TeeInput, anybody who really
wants it can add the new middleware to their stack.

Thanks for reading.

Eric Wong

More information about the rainbows-talk mailing list