How to limit the size of a websocket message?

Zhaoxun · October 17, 2020, 6:44am

Excuse me, but this is a serious issue regarding server security.

Suppose one mallicious client just sent a meaningless websocket message as big as 4GB to the django server, how can the server stops it from sending more websocket frames after realizing it has breached the size limit?

Also, I would like this error to be catched by upper functions and block this client from further logging in after kicking it offline, and record this attack.

Related discussions on stackovervlow:

KenWhitesell · October 17, 2020, 3:46pm

I’m going to go way out on a limb here and say that this isn’t so much a Django issue as it is a Daphne / Twisted issue if you’re using that, or whatever websocket handler if you’re not.

In the Daphne case, there’s an option in the WebSocket protocol for setting the maximum frame and message payload sizes.
I’d be willing to make a guess that if you set that to a reasonable / expected value, it would prevent the type of attack you’re describing.

Topic		Replies	Views
What is the size limitation for a json field? Using Django	1	6637	September 18, 2020
Uploading files parameters seems to have no effect in deployment Using Django	2	1719	May 18, 2020
Unable to upload file size >1GB Using Django	1	999	October 28, 2021
run Django app with tornado Using Django	3	623	June 20, 2020
Django crashes when upload a big file Using Django	8	3449	January 27, 2021

How to limit the size of a websocket message?

Related topics