You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Al Dispennette <Al...@clairmail.com> on 2011/09/27 23:47:04 UTC

[users@httpd] httpd configuration question

Below I have two location match tags that I would like to use to control the flow of information as it enters my apache servers. The problem though is that when I restart the servers I get an error saying that the limit request field variable is not permitted inside the location match tag.  This seems to me like a problem.  If I have one page that has a large amount of data being passed in a single field and another page that has a small amount of data in a large number of fields.  How am I supposed to accommodate that without increasing both globally?

If I am misunderstanding how this works please correct me so I can figure out a solution to this.

<LocationMatch "regEx1">
LimitRequestBody 40960
LimitRequestField 8
LimitRequestFieldSize 4096
</LocationMatch>

<LocationMatch "regExp2">
LimitRequestBody 40960
LimitRequestField 300
LimitRequestFieldSize 128
</LocationMatch>


Al Dispennette
Customer Software Sustaining
Sr. Development Support Engineer

781 Lincoln Ave., Suite 200
San Rafael, CA 94901
Phone: (415) 526-7000 ext 7206
Cell: (309) 868-1401
Fax: (415) 526-7099
al.dispennette@Clairmail.com<ma...@Clairmail.com>
[cid:image001.jpg@01CC7D24.52BE4E40]
*********************************************************************************************************

This email and any attachment may contain confidential, proprietary, and/or privileged information.  It is intended solely for the recipient.  If you have received this email in error or are not able or willing to take reasonable steps to protect the information contained herein from improper disclosure, please notify the sender immediately by reply email and destroy all copies.

*********************************************************************************************************

Re: [users@httpd] httpd configuration question

Posted by Mark Montague <ma...@catseye.org>.
On September 27, 2011 17:47 , Al Dispennette 
<Al...@clairmail.com> wrote:
>
> Below I have two location match tags that I would like to use to 
> control the flow of information as it enters my apache servers. The 
> problem though is that when I restart the servers I get an error 
> saying that the limit request field variable is not permitted inside 
> the location match tag.  This seems to me like a problem.  If I have 
> one page that has a large amount of data being passed in a single 
> field and another page that has a small amount of data in a large 
> number of fields.  How am I supposed to accommodate that without 
> increasing both globally?
>

Is it really necessary to try exert this degree of control?  Would it be 
bad for you to leave LimitRequestBody, LimitRequestFields (note the "s" 
at the end of the directive name, you were missing the "s" in the 
configuration you included in your original message), and 
LimitRequestFieldSize?

LimitRequestFields and LimitRequestFieldSize can only be used in the 
server configuration and virtual host contexts; they cannot be used in 
directory context or .htaccess context.  To use a directive in a 
<Location> or <LocationMatch> stanza, the directive has to be one that 
can be used in directory context.  So the behavior your are observing is 
correct, per the documentation.  If I were to guess as to why these 
directives are not supported in directory context, my guess would be 
because they both impose limits on HTTP request headers.  HTTP request 
headers are read very early in Apache HTTP Server's request processing 
loop, long before URL rewriting or URL-to-filesystem path mapping are 
done; these things would have to be taken into account in order to allow 
the directives to be used in directory context.  Since these requests 
are intended (per the documentation) to avoid some forms denial of 
service attacks, it makes sense to deny the request as soon as the 
headers are read and not do all the additional processing that would 
need to be done to figure out the URL-path and/or filesystem-path before 
knowing whether the request applied to one or more of the <Directory>, 
<DirectoryMatch>, <Location>, <LocationMatch>, <Proxy>, or <ProxyMatch> 
stanzas -- or one or more of the .htaccess files -- that might wind up 
applying to the request.

--
   Mark Montague
   mark@catseye.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org