You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/05/08 18:56:36 UTC
DO NOT REPLY [Bug 39514] New: - CGI and SSI response cannot be applied byterange filter
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
Summary: CGI and SSI response cannot be applied byterange filter
Product: Apache httpd-2
Version: 2.0.58
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: hirose31@t3.rim.or.jp
When I access some CGI scripts with "Range: bytes=1-5" header,
case Apache_Version in
2.0.54)
I got from 1 to 5 byte of all with "Content-Range" response header.
;;
2.0.55, 2.0.58)
I got WHOLE body data without "Content-Range" response header.
;;
esac
SSI pages are same too.
I suppose changes on PR 29962 affected.
* Is this correct behavior?
* Are there any workaround in >= 2.0.55?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From trawick@apache.org 2006-05-11 10:18 -------
>(I cannot grasp this change from CHANGES_2.0.55)
That is a good point. It is an interesting change which some people would want
to understand since they may see the change when analyzing network traces.
As far as "incompatibility:" Perhaps a more accurate way to say this from our
perspective is: "[It is remotely possible that somebody somewhere has a broken
HTTP client which would be affected by this change.]" But that would have to be
added to many CHANGES entries, and perhaps many thousands of people would feel
the need to investigate some of these issues even though actual problems are
extremely rare, and the problem would be present only in clients which might
already have issues communicating with other web servers or other versions of
Apache.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From nick@webthing.com 2006-05-11 10:37 -------
FWIW, improving this so it'll support byteranges in a wider range of cases
without the DoS attack is on the wishlist for at least some of us. So it may
happen sometime. But it's not a priority!
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From hirose31@t3.rim.or.jp 2006-05-09 17:25 -------
how to repeat.
* this is source code of simple CGI script.
$ cat t/range.cgi
#!/bin/sh
echo "Content-Type: text/plain"
echo
echo 0123456789
* firstly, do normal HTTP access.
$ curl -i http://example.com/t/range.cgi
HTTP/1.1 200 OK
Date: Tue, 09 May 2006 17:08:16 GMT
Server: Apache/2.0.54 (Unix) PHP/4.3.11
Transfer-Encoding: chunked
Content-Type: text/plain; charset=euc-jp
0123456789
* secondary, access with "Range" request header to Apache-2.0.54.
* OK, size of response body is 5 byte.
$ curl -i -H 'Range: bytes=1-5' http://example.com/t/range.cgi
HTTP/1.1 206 Partial Content
Date: Tue, 09 May 2006 17:08:43 GMT
Server: Apache/2.0.54 (Unix) PHP/4.3.11
Content-Range: bytes 1-5/11
Content-Length: 5
Content-Type: text/plain; charset=euc-jp
12345$
* do same HTTP access to Apache-2.0.58.
* size of response body is not 5 byte but 10byte(whole).
$ curl -i -H 'Range: bytes=1-5' http://example.com/t/range.cgi
HTTP/1.1 200 OK
Date: Tue, 09 May 2006 17:09:36 GMT
Server: Apache/2.0.58 (Unix) PHP/4.4.2 with Hardening-Patch
Transfer-Encoding: chunked
Content-Type: text/plain; charset=euc-jp
0123456789
$
Is this changing behavior between 2.0.54 and 2.0.5[58] known incompatibility?
I hope back to following behavior like 2.0.54.
* Apache add "Content-Range" and strip data unless CGI response data
contains "Content-Range" header.
* Apache don't add "Content-Range" and strip data if CGI response data
contains "Content-Range" header.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
slive@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From slive@apache.org 2006-05-09 19:52 -------
I'm not sure what your question is here. As you can see in the bug you
referenced (bug 29962), range responses have been deliberately turned off on
content that isn't disk based, because they cause unbounded memory usage. It is
perfectly legal for the server to ignore the Range header when it wants, so this
is not a bug and shouldn't cause problems for any conforming client.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From slive@apache.org 2006-05-10 14:48 -------
Well, the change isn't incompatible in the sense that it will not break any
compliant browsers. You seem to be dealing with clients that do not properly
impliment http.
You might consider bringing up this issue on the developers list to see if any
developers have an interest in partially restoring byteranges on dynamic
content. Personally, I've never understood why it was necessary to completely
disable dynamic byteranges. Clients that request out-of-order byteranges
obviously require buffering and should be ignored. But for in-order byteranges,
you would think httpd could simply dump content until it hits the relevant range
rather than buffering it all in memory.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From hirose31@t3.rim.or.jp 2006-05-11 04:19 -------
The reply thank you.
I also think that the modification of byterange is appropriate and Range should
be processed on CGI side. And I know properly implimented http client is no problem.
Simply, I hoped announcing clearly the fact that byterange processing which is
applied to also CGI so far stopped being applied, as incompatibility between
Apache-2.0.54 and 2.0.55. (I cannot grasp this change from CHANGES_2.0.55)
Because perhaps the user of CGI and mod_jk/Tomcat which depend on the Range
processing of Apache is...
For example, MySQL say cleary "Incompatible change" in its change history
<http://dev.mysql.com/doc/refman/5.0/en/news-5-0-19.html>. This is very helpful
for mysql users. I think many Apache user are happy if Apache team announce
distinguishing the difference with incompatible change and just bug fix.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From jorton@redhat.com 2006-05-10 15:33 -------
If you need to send ranged responses in your CGI script, do it in your CGI
script; parse the Range header and send a response with an appropriate
Content-Range header.
IMO it is simply not correct to do this in general at httpd level - it's very
expensive (say your CGI script generates 2Gb of content, and the user just
requested the last 2 bytes), and it would add a lots of complexity.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39514] - CGI and SSI response cannot be applied byterange filter
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39514>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39514
------- Additional Comments From hirose31@t3.rim.or.jp 2006-05-10 03:45 -------
Thank you for reply.
I confirm that Range response turns off for response which isn't disk based(eg
CGI, SSI).
I hope that Apache team announce cleary this changing as incompatible change.
> It is
> perfectly legal for the server to ignore the Range header when it wants, so this
> is not a bug and shouldn't cause problems for any conforming client.
(digression)
I know that, but browser in some mobile phone absolutely need Range response
when downloading media data(sound, movie...).
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org