mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-12-18 07:51:58 +01:00
Code Issues Projects Releases Wiki Activity
traefik/docs/content/security/content-length.md
Romain 4d7d627319
Reject suspicious encoded characters 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2025-12-04 15:10:05 +01:00

28 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: "Content-Length"
description: "Enforce strict ContentLength validation in Traefik by streaming or full buffering to prevent truncated or overlong requests and responses. Read the technical documentation."
---
Traefik acts as a streaming proxy. By default, it checks each chunk of data against the `Content-Length` header as it passes it on to the backend or client.
This live check blocks truncated or overlong streams without holding the entire message.
If you need Traefik to read and verify the full body before any data moves on, add the [buffering middleware](../middlewares/http/buffering.md):
```yaml
http:
middlewares:
buffer-and-validate:
buffering: {}
```
With buffering enabled, Traefik will:
- Read the entire request or response into memory.
- Compare the actual byte count to the `Content-Length` header.
- Reject the message if the counts do not match.
!!! warning
Buffering adds overhead. Every request and response is held in full before forwarding, which can increase memory use and latency.
Use it when strict content validation is critical to your security posture.
Reference in New Issue View Git Blame Copy Permalink