[GH-ISSUE #12699] feat: Implement limits on user controlled inputs to reduce impact of Denial of Sevice attacks #16689

New Issue

GiteaMirror · 2026-04-19T22:34:16-05:00

GiteaMirror commented

2026-04-19 22:34:16 -05:00

Originally created by @chris710 on GitHub (Apr 10, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/12699

Check Existing Issues

I have searched the existing issues and discussions.

Problem Description

Several capabilities under user control allow a single user to generate exceedingly long requests that can overwhelm the server and temporarily block access to the service:

changing chat name to a ridiculously long one
creating a tag with enormous name length
assigning a great number of tags to conversations
creating a large number of chats
exporting a long conversation via pdf

A malicious user can use these to negatively impact disk space and database usage on the server, creating problems for legitimate users.

Desired Solution you'd like

Create a hard limitation on capabilities under user control:

chat name length (e.g. 10000 characters)
tag name length (e.g. 200 characters)
number of assigned tags (e.g. 100 tags)
number of created chats (e.g. 10000 chats)
exported chat pdf length (e.g. 100 pages; exporting as multiple documents may be applicable in cases of legitimate export; another way is to create an option to disable pdf export)

In some cases it may be appropriate to parametrize these limits.

Alternatives Considered

No response

Additional Context

No response

Originally created by @chris710 on GitHub (Apr 10, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/12699 ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description Several capabilities under user control allow a single user to generate exceedingly long requests that can overwhelm the server and temporarily block access to the service: - changing chat name to a ridiculously long one - creating a tag with enormous name length - assigning a great number of tags to conversations - creating a large number of chats - exporting a long conversation via pdf A malicious user can use these to negatively impact disk space and database usage on the server, creating problems for legitimate users. ### Desired Solution you'd like Create a hard limitation on capabilities under user control: - [ ] chat name length (e.g. 10000 characters) - [ ] tag name length (e.g. 200 characters) - [ ] number of assigned tags (e.g. 100 tags) - [ ] number of created chats (e.g. 10000 chats) - [ ] exported chat pdf length (e.g. 100 pages; exporting as multiple documents may be applicable in cases of legitimate export; another way is to create an option to disable pdf export) In some cases it may be appropriate to parametrize these limits. ### Alternatives Considered _No response_ ### Additional Context _No response_

GiteaMirror closed this issue

2026-04-19 22:34:16 -05:00

GiteaMirror commented

2026-04-19 22:34:17 -05:00

@Ithanil commented on GitHub (Apr 10, 2025):

This is very desirable, even if the service isn't public. Some pupils and students love breaking things.

@Ithanil commented on GitHub (Apr 10, 2025): This is very desirable, even if the service isn't public. Some pupils and students love breaking things.

GiteaMirror referenced this issue

2026-04-19 23:54:45 -05:00

[GH-ISSUE #16689] issue: Providers setting the "name" attribute of of models to null breaks things #18010

GiteaMirror referenced this issue

2026-04-20 05:17:14 -05:00

[PR #16690] [CLOSED] fix: fixed an edge case where openai providers may set the model name to null #24209

GiteaMirror referenced this issue

2026-04-25 07:26:35 -05:00

[GH-ISSUE #16689] issue: Providers setting the "name" attribute of of models to null breaks things #33539

GiteaMirror referenced this issue

2026-04-25 12:16:20 -05:00

[PR #16690] [CLOSED] fix: fixed an edge case where openai providers may set the model name to null #39839