You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Alex Drummond <a....@googlemail.com> on 2010/01/09 21:25:52 UTC
[users@httpd] LimitRequestBody not dropping connections
Hi,
I have a problem with using the LimitRequestBody directive to limit
file upload size. I'm using apache 2.2.14 on linux (CentOS). If I
attempt to upload a large file via a browser (I've tried this with
Firefox and Safari), Apache does not drop the connection and only
gives an error once all the file data has been sent. E.g, if I set
LimitRequestBody to 1 (byte) and then try to upload a 10MB file, the
connection is not dropped immediately. However, although the
connection is not dropped, the error log is immediately updated with:
"Requested content-length of $X is larger than the configured limit of
$Y".
Oddly, if I telnet to the server and send something like:
POST /webappdir/ HTTP/1.0
Content-Length: 3000000000
Apache sends a 413 and closes the connection as soon as I enter the
line break after the headers. I've checked that Firefox is sending an
appropriate Content-Length header, so the difference in browser/telnet
behavior should not be down to this.
The POST requests are being handled by a Perl app (using Catalyst). I
get the same results running it under mod_fastcgi and mod_perl. I've
heard that LimitRequestBody doesn't work properly with mod_fastcgi,
but there are many references to people using it with mod_perl. In any
case, since requests over telnet like the one above do cause the
connection to be dropped immediately, I don't think this is a
mod_perl/mod_fastcgi issue per se.
I'm sure I'm doing something stupid here, or there is something wrong
with my configuration, but if anyone could shed some light on this
this it would be very much appreciated.
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] LimitRequestBody not dropping connections
Posted by Alex Drummond <a....@googlemail.com>.
Nick Kew wrote:
> Firefox probably asked for a keepalive connection. Your telnet didn't.
I did set KeepAlive to 'off' in httpd.conf when testing; not sure what
difference this would make.
> Is your backend script being passed the oversized request,
> or is it just an issue of keeping the connection alive?
I've tested this just now and it turns out that it isn't. So it seems
to be an issue with the connection only.
> Could it be that you're getting an immediate response, but
> Firefox isn't telling you immediately?
That seems likely, since with Opera the upload is canceled immediately
if the Content-Length header is too large. Apparently, Opera is about
the only browser that checks for a response before it's finished
sending a request, so the difference in behavior makes sense.
I was expecting LimitRequestBody to close the connection if the limit
was exceeded, so that users of other browsers would at least not be
waiting too long for an error message, even if the error they get
isn't a proper 413. However, I understand that the LimitRequestBody
directive may simply not be designed to do this, in which case there
would appear to be no bug(let).
thanks for the response,
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] LimitRequestBody not dropping connections
Posted by Nick Kew <ni...@webthing.com>.
Alex Drummond wrote:
> POST /webappdir/ HTTP/1.0
> Content-Length: 3000000000
>
> Apache sends a 413 and closes the connection as soon as I enter the
> line break after the headers. I've checked that Firefox is sending an
> appropriate Content-Length header, so the difference in browser/telnet
> behavior should not be down to this.
Firefox probably asked for a keepalive connection. Your telnet didn't.
Is your backend script being passed the oversized request, or is it
just an issue of keeping the connection alive? Could it be that
you're getting an immediate response, but Firefox isn't telling
you immediately?
(yes, it smells of a buglet, but we should try to diagnose as
much as we can before jumping to conclusions).
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] LimitRequestBody not dropping connections
Posted by Eric Covener <co...@gmail.com>.
On Sat, Jan 9, 2010 at 3:25 PM, Alex Drummond
<a....@googlemail.com> wrote:
> Hi,
>
> I have a problem with using the LimitRequestBody directive to limit
> file upload size. I'm using apache 2.2.14 on linux (CentOS). If I
> attempt to upload a large file via a browser (I've tried this with
> Firefox and Safari), Apache does not drop the connection and only
> gives an error once all the file data has been sent. E.g, if I set
> LimitRequestBody to 1 (byte) and then try to upload a 10MB file, the
> connection is not dropped immediately. However, although the
> connection is not dropped, the error log is immediately updated with:
> "Requested content-length of $X is larger than the configured limit of
> $Y".
>
> Oddly, if I telnet to the server and send something like:
>
> POST /webappdir/ HTTP/1.0
> Content-Length: 3000000000
>
> Apache sends a 413 and closes the connection as soon as I enter the
> line break after the headers. I've checked that Firefox is sending an
> appropriate Content-Length header, so the difference in browser/telnet
> behavior should not be down to this.
Maybe a HTTP/1.0 difference? Apache will try hard to drain that
request body, because browsers don't try to read a response until
their body has been read.
This means LimitRequestBody doesn't save you so much on bandwidth, but
protecting whatever backend app would have had to use the large body
(IIUC)
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org