On 10/16/06, Ed Sawicki <[EMAIL PROTECTED]> wrote:
I'm trying to understand the LimitRequestBody directive.
I'm working with the latest versions of Apache 2.0 and 2.3.
I added this line to my httpd.conf file in the main
(server) section - not in a <Directory> container or any
other container:
LimitRequestBody 10
I'm using none of the other Limitxxxx directives.
Then I sent this HTTP request to the server:
POST /cgi-bin/printenv?12345678901234567890 HTTP/1.1
along with the other usual headers typical browsers send.
I received a normal response from the CGI (Perl) script.
I expected it to fail because the request is longer than
10 bytes - but it didn't.
The printenv program returned these relevant headers:
QUERY_STRING="12345678901234567890"
REQUEST_URI="/cgi-bin/printenv?12345678901234567890"
I get the same results when I place the LimitRequestBody
directive in the DocumentRoot <Directory> container or
the /cgi-bin <Directory> container.
What am I doing wrong?
I think you are looking for LimitRequestLine.
LimitRequestBody limits the ... uh... body ... of the request. That
is, the part that comes after the request line and request headers.
In a POST, that is normally where you send data, not in the query
string as you do above. See the HTTP spec for more details about the
terminology.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]