https://bz.apache.org/bugzilla/show_bug.cgi?id=64925
Bug ID: 64925
Summary: Set LimitRequestFields = 0 fail the test
Product: Apache httpd-test
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: framework
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hi,
I'm working on testing software and its configuration. I'm using
mod_perl-2.0.10 (I think it is the official one) to test httpd-2.4.37.
I wrongly-set LimitRequestFields to a string and the test (server_rec.t)
failed. When I check the source code I found that the value is changed to 0 by
using atoi(). And from the doc (I also checked the source code and conformed
this): "Number is an integer from 0 (meaning unlimited) to 32767. 0 means
disable the limit."
Then I tried value 0, 1 and 100. Both 0 and 1 failed the test and 100 passed. I
understand the value 1 is too small for a normal client request might include
and there is clear log in logs/error_log: "AH00563: Number of request headers
exceeds LimitRequestFields." However, I didn't find any informative logs when I
set LimitRequestFields to 0 to show why the test fails, and I believe
LimitRequestFields = 0 is a valid value (no limit) although it may lead to
security issues.
Could you please help me check the source code and test code to see what's the
problem here, thanks a lot!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
