Don't see that anywhere. Either eaten by spam filters or a gerbil. Anyway, I don't understand why this would have broken mod_dav. If mod_dav wants a keepalive connection it should determine this prior to the ap_die and set conn->keepalive to 1. Or am I missing something with respect to what mod_dav is doing here? I suppose we could add an ugly exception for a PROPFIND here, but I'd like to make sure that is actually needed.
Without this patch non-keepalive connections are not being dropped when we know there is nothing more to do. For example, on a server that doesn't allow POST someone can POST to it and it will happily sit there and read the entire POST request. This defeats the purpose of adding a Limit POST and introduces a DoS. Same for a 404 or any other error handler. I can POST to a bogus URL and Apache will read the entire POST request even though we know it is a 404 at this point and that we can safely discard the request body. I don't think releasing .32 without addressing this issue is a good idea. -Rasmus On Wed, 9 Jun 2004, Jim Jagielski wrote: > I had sent private Email to your @apache.org address > (since that's the one you use to provide HTTPD related > patches). > > On Jun 8, 2004, at 5:10 PM, Rasmus Lerdorf wrote: > > > Uh, I never received anything on this. Did you actually send me > > something? I'll have a look at addressing this issue. Releasing > > 1.3.32 > > without this fix would be a nasty backwards step. The original problem > > this fixes is serious. > > > > -Rasmus > > > > On Fri, 28 May 2004, Jim Jagielski wrote: > > > >> I've backed out that patch and asked Rasmus to send a replacemnet > >> which addresses his specific problem but does not cause > >> the below behavior. > >> > >> I'm tempted to release 1.3.32... > >> > >> Jeff Trawick wrote: > >>> > >>> This patch did it: > >>> > >>> http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/ > >>> http_request.c?r1=1.173&r2=1.174 > >>> > >>> See also > >>> > >>> http://issues.apache.org/bugzilla/show_bug.cgi?id=29257 > >>> http://www.rtr.com/fp2002disc/_disc2/00000a71.htm > >>> > >> > >> > >> -- > >> ====================================================================== > >> ===== > >> Jim Jagielski [|] [EMAIL PROTECTED] [|] > >> http://www.jaguNET.com/ > >> "A society that will trade a little liberty for a little order > >> will lose both and deserve neither" - T.Jefferson > >> > > > > >
