Limit HTTP header count and size (vllm-project#23267)

Manually applied cherry-pick of commit d8b736f

Signed-off-by: Taneem Ibrahim <[email protected]>
Signed-off-by: Russell Bryant <[email protected]>
Co-authored-by: Taneem Ibrahim <[email protected]>
Signed-off-by: simon-mo <[email protected]>

Author: dsocek

vllm/entrypoints/constants.py

@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: Copyright contributors to the vLLM project
+"""
+Shared constants for vLLM entrypoints.
+"""
+
+# HTTP header limits for h11 parser
+# These constants help mitigate header abuse attacks
+H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT = 4194304  # 4 MB
+H11_MAX_HEADER_COUNT_DEFAULT = 256

vllm/entrypoints/launcher.py

@@ -9,13 +9,20 @@
 from vllm import envs
 from vllm.engine.async_llm_engine import AsyncEngineDeadError
 from vllm.engine.multiprocessing import MQEngineDeadError
+from vllm.entrypoints.constants import (H11_MAX_HEADER_COUNT_DEFAULT,
+                                        H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT)
 from vllm.logger import init_logger
 from vllm.utils import find_process_using_port
 
 logger = init_logger(__name__)
 
 
 async def serve_http(app: FastAPI, **uvicorn_kwargs: Any):
+    """
+    Start a FastAPI app using Uvicorn, with support for custom Uvicorn config
+    options.  Supports http header limits via h11_max_incomplete_event_size and
+    h11_max_header_count.
+    """
     logger.info("Available routes are:")
     for route in app.routes:
         methods = getattr(route, "methods", None)
@@ -26,7 +33,21 @@ async def serve_http(app: FastAPI, **uvicorn_kwargs: Any):
 
         logger.info("Route: %s, Methods: %s", path, ', '.join(methods))
 
+    # Extract header limit options if present
+    h11_max_incomplete_event_size = uvicorn_kwargs.pop(
+        "h11_max_incomplete_event_size", None)
+    h11_max_header_count = uvicorn_kwargs.pop("h11_max_header_count", None)
+
+    # Set safe defaults if not provided
+    if h11_max_incomplete_event_size is None:
+        h11_max_incomplete_event_size = H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT
+    if h11_max_header_count is None:
+        h11_max_header_count = H11_MAX_HEADER_COUNT_DEFAULT
+
     config = uvicorn.Config(app, **uvicorn_kwargs)
+    # Set header limits
+    config.h11_max_incomplete_event_size = h11_max_incomplete_event_size
+    config.h11_max_header_count = h11_max_header_count
     server = uvicorn.Server(config)
     _add_shutdown_handlers(app, server)
 

vllm/entrypoints/openai/api_server.py

@@ -753,6 +753,8 @@ def signal_handler(*_) -> None:
             ssl_certfile=args.ssl_certfile,
             ssl_ca_certs=args.ssl_ca_certs,
             ssl_cert_reqs=args.ssl_cert_reqs,
+            h11_max_incomplete_event_size=args.h11_max_incomplete_event_size,
+            h11_max_header_count=args.h11_max_header_count,
             **uvicorn_kwargs,
         )
 

vllm/entrypoints/openai/cli_args.py

@@ -12,6 +12,8 @@
 from vllm.engine.arg_utils import AsyncEngineArgs, nullable_str
 from vllm.entrypoints.chat_utils import (ChatTemplateContentFormatOption,
                                          validate_chat_template)
+from vllm.entrypoints.constants import (H11_MAX_HEADER_COUNT_DEFAULT,
+                                        H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT)
 from vllm.entrypoints.openai.serving_engine import (LoRAModulePath,
                                                     PromptAdapterPath)
 from vllm.entrypoints.openai.tool_parsers import ToolParserManager
@@ -251,6 +253,23 @@ def make_arg_parser(parser: FlexibleArgumentParser) -> FlexibleArgumentParser:
         default=False,
         help="If set to True, enable prompt_tokens_details in usage.")
 
+    parser.add_argument(
+        "--h11-max-incomplete-event-size",
+        type=int,
+        default=H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT,
+        help="Maximum size (bytes) of an incomplete HTTP event (header or body)"
+        " for h11 parser. Helps mitigate header abuse. "
+        f"Default: {H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT}"
+        f" ({H11_MAX_INCOMPLETE_EVENT_SIZE_DEFAULT / (1024*1024):.1f} MB).")
+
+    parser.add_argument(
+        "--h11-max-header-count",
+        type=int,
+        default=H11_MAX_HEADER_COUNT_DEFAULT,
+        help="Maximum number of HTTP headers allowed in a request for h11"
+        " parser. Helps mitigate header abuse. "
+        f"Default: {H11_MAX_HEADER_COUNT_DEFAULT}.")
+
     return parser