I have written a websocket server in tornado and the on_message method is called when a message is received. The problem is, the message size is unlimited by default. In other words, the project is open to attack by a client sending a huge amount of data (a message) to the websocket, which fills the server-side memory. There has to be an option to put a limit on incoming message size, is there? If not, what do I have to do to avoid such a bug?
Here is my code to accept only messages less than 128 bytes in length, but it doesn't seem to work.
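
    import tornado.httpserver
    import tornado.ioloop
    import tornado.web
    import tornado.websocket

    class ClientWebSocketConnectionHandler(tornado.websocket.WebSocketHandler):
        def open(self):
            print("Connection is opened")
        def on_message(self, message):
            print(message)
        def on_close(self):
            print("closed")

    class MainApplication(tornado.web.Application):
        def __init__(self):
            handlers = [(r'/', ClientWebSocketConnectionHandler)]
            tornado.web.Application.__init__(self, handlers)

    TheShieldsWebSocket = MainApplication()
    # The 128-byte limit attempted in the question
    server = tornado.httpserver.HTTPServer(TheShieldsWebSocket, max_body_size=128)
    server.listen(8080)
    tornado.ioloop.IOLoop.current().start()
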
Take a look at the documentation here:
http://www.tornadoweb.org/en/stable/http1connection.html#tornado.http1connection.HTTP1Connection.set_max_body_size
To paraphrase for future proofing the link:
Since version 4.5 Tornado will close the connection automatically if it receives more than 10 MiB of data in a single websocket frame (message). So, you don't have to worry about someone sending huge data in a single message. You can see this in the source code. It's also mentioned in the docs of WebSocketHandler in the second-last paragraph. If you'd like to change the default frame limit you can pass your Application class an argument called websocket_max_message_size with the size in bytes.
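
An added example, not part of the answers above and not Tornado's own code: a standard-library sketch of how a message size limit can be enforced from the length a WebSocket frame header declares, before any payload is buffered. It goes beyond the single-frame case by also totalling fragmented messages; MAX_MESSAGE_SIZE, MessageSizeGuard and make_header are hypothetical names, and the headers are constructed sample input.

```python
import struct

MAX_MESSAGE_SIZE = 128  # bytes; the limit from the question, used as the policy value

class MessageTooBig(Exception):
    """Caller should close the connection with status 1009 (RFC 6455)."""

def read_frame_header(buf):
    """Parse a frame header: returns (fin, opcode, payload_len, header_len)."""
    fin, opcode = bool(buf[0] & 0x80), buf[0] & 0x0F
    masked, length, offset = bool(buf[1] & 0x80), buf[1] & 0x7F, 2
    if length == 126:    # 16-bit extended length follows
        length = struct.unpack_from("!H", buf, 2)[0]
        offset = 4
    elif length == 127:  # 64-bit extended length: a peer can declare exabytes
        length = struct.unpack_from("!Q", buf, 2)[0]
        offset = 10
    return fin, opcode, length, offset + (4 if masked else 0)

class MessageSizeGuard:
    """Accepts or rejects each frame from its header alone."""
    def __init__(self, limit=MAX_MESSAGE_SIZE):
        self.limit = limit
        self.pending = 0  # bytes accepted so far for an unfinished fragmented message

    def admit(self, header):
        """Return the payload length to read, or raise before reading it."""
        fin, opcode, length, _ = read_frame_header(header)
        if opcode >= 0x8:  # control frame (close, ping, pong)
            if length > 125 or not fin:
                raise ValueError("protocol error: bad control frame")
            return length
        if opcode != 0x0:  # text/binary starts a new message; 0x0 continues one
            self.pending = 0
        total = self.pending + length
        if total > self.limit:
            raise MessageTooBig("%d bytes exceeds limit %d" % (total, self.limit))
        self.pending = 0 if fin else total
        return length

def make_header(fin, opcode, length):
    """Constructed sample input: masked client frame header, zero mask key."""
    first = bytes([(0x80 if fin else 0) | opcode])
    if length < 126:
        return first + bytes([0x80 | length]) + b"\0" * 4
    if length < 65536:
        return first + bytes([0x80 | 126]) + struct.pack("!H", length) + b"\0" * 4
    return first + bytes([0x80 | 127]) + struct.pack("!Q", length) + b"\0" * 4
```

Checking only each frame's own length would let a client stay under the limit per frame while the reassembled message grows without bound, which is why the guard tracks the running total across continuation frames.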