[GH-ISSUE #12699] feat: Implement limits on user controlled inputs to reduce impact of Denial of Service attacks #32218

Closed
opened 2026-04-25 06:06:08 -05:00 by GiteaMirror · 1 comment
Owner

Originally created by @chris710 on GitHub (Apr 10, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/12699

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

Several capabilities under user control allow a single user to generate exceedingly long requests that can overwhelm the server and temporarily block access to the service:

  • changing chat name to a ridiculously long one
  • creating a tag with enormous name length
  • assigning a great number of tags to conversations
  • creating a large number of chats
  • exporting a long conversation via pdf

A malicious user can use these to negatively impact disk space and database usage on the server, creating problems for legitimate users.

Desired Solution you'd like

Create a hard limitation on capabilities under user control:

  • chat name length (e.g. 10000 characters)
  • tag name length (e.g. 200 characters)
  • number of assigned tags (e.g. 100 tags)
  • number of created chats (e.g. 10000 chats)
  • exported chat pdf length (e.g. 100 pages; exporting as multiple documents may be applicable in cases of legitimate export; another way is to create an option to disable pdf export)

In some cases it may be appropriate to parametrize these limits.

Alternatives Considered

No response

Additional Context

No response
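
One way to enforce the limits proposed above before anything is written to the database, as an added example (not Open WebUI's code): the defaults are the issue's example values, and the function names and `LIMIT_*` environment variables are hypothetical.

```python
import os
from dataclasses import dataclass, fields

def _env_int(name, default):
    """Positive integer from the environment, else the default."""
    raw = os.environ.get(name, "")
    ok = raw.isascii() and raw.isdigit() and int(raw) > 0
    return int(raw) if ok else default

@dataclass(frozen=True)
class Limits:
    # Defaults are the issue's example values; LIMIT_* env names are hypothetical.
    chat_title_chars: int = 10_000
    tag_name_chars: int = 200
    tags_per_chat: int = 100
    chats_per_user: int = 10_000
    pdf_pages: int = 100

    @classmethod
    def from_env(cls):
        return cls(**{f.name: _env_int("LIMIT_" + f.name.upper(), f.default)
                      for f in fields(cls)})

class LimitExceeded(ValueError):
    """Raised before any write so the handler can answer 4xx and store nothing."""

def _check(what, got, limit):
    if got > limit:
        raise LimitExceeded(f"{what}: {got} exceeds limit {limit}")

def check_rename(title, limits):
    _check("chat_title_chars", len(title), limits.chat_title_chars)

def check_add_tag(existing_tags, new_tag, limits):
    _check("tag_name_chars", len(new_tag), limits.tag_name_chars)
    if new_tag not in existing_tags:  # re-adding an existing tag adds no row
        _check("tags_per_chat", len(existing_tags) + 1, limits.tags_per_chat)

def check_create_chat(current_chat_count, limits):
    _check("chats_per_user", current_chat_count + 1, limits.chats_per_user)

def plan_pdf_export(total_pages, limits):
    """Page ranges [start, end) of at most pdf_pages each, one per document."""
    step = limits.pdf_pages
    return [(s, min(s + step, total_pages)) for s in range(0, total_pages, step)]
```

These checks only bound what is stored; a request-body size cap at the web server or reverse proxy is still needed so an oversized payload is rejected before it is parsed.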

Author
Owner

@Ithanil commented on GitHub (Apr 10, 2025):

This is very desirable, even if the service isn't public. Some pupils and students love breaking things.

Reference: github-starred/open-webui#32218