On Wed, Oct 1, 2014 at 2:24 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
> i don't know what happens internally > That's what's on-topic for the development list. > > just that "SecRequestBodyLimit" opens a large security hole > because on just needs to send large data to any script > on the server to get the source, even scripts only > working as includes and contain credentials > > IMHO if a restriciton like "SecRequestBodyLimit" is triggered > any output should be thrown away and the error handler called > delivering the 403 default error page > I think you mean LimitRequestBody. I don't think anyone has done enough homework to see what goes wrong under mod_php to see if a change to LimitRequestBody is needed. It currently detects the size breach and returns an error to whoever is reading the body. In other words handlers have access to all kinds of filter errors, so changes there are intrusive. -- Eric Covener cove...@gmail.com
