https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
--- Comment #3 from Tony <[EMAIL PROTECTED]> 2008-05-08 00:48:48 PST ---
Yes this is a big bug and I don't know why no one from Apache has even
commented on this post. My temporary solution so far is to add this line to
programs before exit:
if ($ENV{'CONTENT_LENGTH'}) {while (<STDIN>){}}
Vinci, you state it is not a problem with GET, but the problem is mainly if you
use "GET" in your application and do not write for a POST. Some bots out there
may try using your GET method forms/links, but instead may send a POST and
that's where the problem is. Plus bots or any malicious user could try sending
HUGE amounts of data via a POST bringing your server down as Apache waits for
the POST data to be read. My solution to prevent this has been to limit how
much of the $ENV{'CONTENT_LENGTH'} I would read in, but with this bug it just
hangs your server until the client has finished sending their POST. The only
solution I've been able to come up with is the one above, but it is band-aide
rather than a fix. I sure wish someone from Apache would at least comment on
this.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
