Package: lighttpd Version: 1.4.55-1 Severity: important Dear Maintainer,
Here is a very wired bug. I'll try to explain... GET requests send invalid data for files above 30kB when connecting to the server over http. But GET requests send good data when connecing over https. I've done my investigations using png image files, having different sizes. I've also tested with different client softawares : firefox 74.0, gnome-web 3.34.4, and wget 1.20.3. ANd I used a minimalistic server configuration file that can be found as attachment. Thank's for your help ! Guillaume -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 5.4.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages lighttpd depends on: ii libattr1 1:2.4.48-5 ii libbz2-1.0 1.0.8-2 ii libc6 2.30-4 ii libcrypt1 1:4.4.15-1 ii libfam0 2.7.0-17.3 ii libpcre3 2:8.39-12+b1 ii libssl1.1 1.1.1d-2 ii lsb-base 11.1.0 ii mime-support 3.64 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages lighttpd recommends: ii perl 5.30.0-9 pn spawn-fcgi <none> Versions of packages lighttpd suggests: pn apache2-utils <none> pn lighttpd-doc <none> pn lighttpd-mod-authn-gssapi <none> pn lighttpd-mod-authn-pam <none> pn lighttpd-mod-authn-sasl <none> pn lighttpd-mod-cml <none> pn lighttpd-mod-geoip <none> pn lighttpd-mod-magnet <none> pn lighttpd-mod-maxminddb <none> pn lighttpd-mod-trigger-b4-dl <none> pn lighttpd-mod-vhostdb-dbi <none> pn lighttpd-mod-vhostdb-pgsql <none> pn lighttpd-mod-webdav <none> pn lighttpd-modules-ldap <none> pn lighttpd-modules-mysql <none> ii openssl 1.1.1d-2 ii php-cgi 2:7.3+69 ii php7.0-cgi [php-cgi] 7.0.31-1 ii php7.3-cgi [php-cgi] 7.3.15-3 pn rrdtool <none> -- Configuration Files: /etc/lighttpd/conf-available/10-ssl.conf changed: server.modules += ( "mod_openssl" ) $SERVER["socket"] == "0.0.0.0:443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/cert.pem" ssl.privkey = "/etc/lighttpd/privkey.pem" ssl.cipher-list = "HIGH" } /etc/lighttpd/conf-available/90-debian-doc.conf changed: $HTTP["remoteip"] =~ "^127\.0\.0\.1$|^::1$" { alias.url += ( # "/cgi-bin/" => "/usr/lib/cgi-bin/", "/doc/" => "/usr/share/doc/", "/images/" => "/usr/share/images/" ) $HTTP["url"] =~ "^/doc/|^/images/" { dir-listing.activate = "enable" } $HTTP["url"] =~ "^/cgi-bin/" { cgi.assign = ( "" => "" ) } } /etc/lighttpd/lighttpd.conf changed: server.modules = ( "mod_indexfile", "mod_access", "mod_alias", "mod_redirect", ) server.document-root = "/var/www/html" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 server.http-parseopts = ( "header-strict" => "enable",# default "host-strict" => "enable",# default "host-normalize" => "enable",# default "url-normalize-unreserved"=> "enable",# recommended highly "url-normalize-required" => "enable",# recommended "url-ctrls-reject" => "enable",# recommended "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) #"url-path-2f-reject" => "enable", "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) #"url-path-dotseg-reject" => "enable", #"url-query-20-plus" => "enable",# consistency in query string ) index-file.names = ( "index.php", "index.html" ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) compress.cache-dir = "/var/cache/lighttpd/compress/" compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/create-mime.conf.pl" include "/etc/lighttpd/conf-enabled/*.conf" server.compat-module-load = "disable" server.modules += ( "mod_compress", "mod_dirlisting", "mod_staticfile", ) -- no debconf information