https://issues.apache.org/bugzilla/show_bug.cgi?id=56035

            Bug ID: 56035
           Summary: Issue with LimitRequestBody
           Product: Apache httpd-2
           Version: 2.2.26
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: [email protected]
          Reporter: [email protected]

I am using httpd-2.2.26. Whenever I use the LimitRequestBody directive, Apache
gives a 413 to the user if the content length is greater than the value
specified in the directive, but logs it as 200. It even appends the response
HTML along with the error document.
This problem happens in httpd-2.4.4 also.
On further debugging 2.2.26 with gdb, I found the problem occurs in
modules/http/http_request.c (ap_process_request), line 291:

    if (access_status == OK) {
        ap_finalize_request_protocol(r);
    }
    else {
        r->status = HTTP_OK;
        ap_die(access_status, r);
    }


The access_status for requests which are to be responded to with 413 is not OK
(it is -3). So it reaches the else part, which sets the status to 200 and calls
ap_die.
If I make the change as

    if (access_status == OK || r->status == 413) {
        ap_finalize_request_protocol(r);
    }
    else {
        r->status = HTTP_OK;
        ap_die(access_status, r);
    }

It works fine. I know this is a small hack to hide the issue. Is there an open
bug in httpd for this?
Does this change cause any performance issues/failures?
Let me know if there is a cleaner way to enforce LimitRequestBody.

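An added example, not part of the original report and not httpd code: since the access log shows 200 for requests that were actually answered with 413, one way to find the affected entries is to log the request's Content-Length header and compare it with the LimitRequestBody value. The LogFormat shown in the comment, the limit of 1048576 bytes and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed LogFormat (not from the report): common log format with the
# request's Content-Length header appended in quotes:
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Content-Length}i\"" bodylimit
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<clen>[^"]*)"$'
)

def find_mislogged(lines, limit):
    """Return (lineno, host, request, content_length, status) for entries whose
    declared Content-Length exceeds `limit` (the LimitRequestBody value) but
    whose logged status is not 413."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line is not in the assumed format
        clen = m.group("clen")
        if not re.fullmatch(r"[0-9]+", clen):
            continue  # "-" (header absent) or malformed: nothing to compare
        if int(clen) > limit and m.group("status") != "413":
            hits.append((lineno, m.group("host"), m.group("request"),
                         int(clen), int(m.group("status"))))
    return hits

# Constructed sample log lines (not taken from the report).
SAMPLE = [
    '192.0.2.10 - - [10/Jan/2014:10:00:01 +0000] "POST /upload HTTP/1.1" 200 512 "2048"',
    '192.0.2.10 - - [10/Jan/2014:10:00:05 +0000] "POST /upload HTTP/1.1" 200 1290 "5242880"',
    '192.0.2.11 - - [10/Jan/2014:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 4096 "-"',
    '192.0.2.12 - - [10/Jan/2014:10:00:12 +0000] "POST /upload HTTP/1.1" 413 345 "9999999"',
]

if __name__ == "__main__":
    # Assumed limit: LimitRequestBody 1048576
    for lineno, host, request, clen, status in find_mislogged(SAMPLE, 1048576):
        print(f"line {lineno}: {host} {request!r} "
              f"Content-Length={clen} logged as {status}")
```

Requests sent with chunked transfer encoding carry no Content-Length header, so this check does not cover them.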