Brethren,

Using Apache, if submit a way-too-long request URL the server will respond with a 414 "Request-URI Too Large" error. If I try submitting a way-too-long URL to my Dancer application it causes the worker process to go to 100% CPU and (within a few seconds) the request fails. Is there a way to throw a 414 and avoid this behavior when Dancer running under Starman?

Many thanks for your input.

Update: The application is a restful service that supports multiple (read-only) web reporting applications and consists of one primary perl module and several additional "business" modules (one business module for each web-app). The main module takes care of all the database access, rendering, etc. and the "business" modules define the routes and configuration for each of the web-apps and are 90+% configuration. Each route consists of the base URL for that route plus query parameters for filtering the data to be returned.

Because of the way things are built it makes it easy to add new "business" modules; it also seems to mean that adding a "it's too long" route to the beginning of the primary module doesn't works as it appears that it is not necessarily the first route checked.

So far the effort has been in building the routes, making them work, and ensuring that things are secure. Reading Blog post on hardening Perl's hash function reminded me that I should also be spending a bit more time on making things robust to intentionally bad input. Currently, valid input parameters are un-tainted prior to using and invalid input parameters get dropped on the floor-- but what happens if/when a valid route with hundreds/thousands of invalid parameters are submitted?

Adding a "it's too long" route to the beginning of the primary module appears to only work if the route submitted doesn't match any of the business routes-- as such, it doesn't catch the case of the way-too-many intentionally mischevious input parameters. It also only catches the "too-long-invalid-route" after it's spent however much time looking at it.

I've tried using a "before hook" but I can't for the life of me figure out how to short-circuit the request at that point.

In reply to SOLVED: Limit URL length with Dancer/Starman by gsiems

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.