Re: httpd configuration question

On September 27, 2011 17:47 , Al Dispennette <Al.Dispennette@xxxxxxxxxxxxx> wrote:

Below I have two location match tags that I would like to use to control the flow of information as it enters my apache servers. The problem though is that when I restart the servers I get an error saying that the limit request field variable is not permitted inside the location match tag. This seems to me like a problem. If I have one page that has a large amount of data being passed in a single field and another page that has a small amount of data in a large number of fields. How am I supposed to accommodate that without increasing both globally?


Is it really necessary to try to exert this degree of control? Would it be bad for you to leave LimitRequestBody, LimitRequestFields (note the "s" at the end of the directive name, you were missing the "s" in the configuration you included in your original message), and LimitRequestFieldSize?

LimitRequestFields and LimitRequestFieldSize can only be used in the server configuration and virtual host contexts; they cannot be used in directory context or .htaccess context. To use a directive in a <Location> or <LocationMatch> stanza, the directive has to be one that can be used in directory context. So the behavior you are observing is correct, per the documentation.

If I were to guess as to why these directives are not supported in directory context, my guess would be because they both impose limits on HTTP request headers. HTTP request headers are read very early in Apache HTTP Server's request processing loop, long before URL rewriting or URL-to-filesystem path mapping are done; these things would have to be taken into account in order to allow the directives to be used in directory context. Since these requests are intended (per the documentation) to avoid some forms of denial of service attacks, it makes sense to deny the request as soon as the headers are read and not do all the additional processing that would need to be done to figure out the URL-path and/or filesystem-path before knowing whether the request applied to one or more of the <Directory>, <DirectoryMatch>, <Location>, <LocationMatch>, <Proxy>, or <ProxyMatch> stanzas -- or one or more of the .htaccess files -- that might wind up applying to the request.

--
  Mark Montague
  mark@xxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
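
The context rules described in the reply above, laid out as a configuration. This is an added example, not part of the original thread: the hostname, paths and numeric limits are constructed assumptions. It sets the header limits once at virtual host level and varies only LimitRequestBody, which is valid in directory context, per URL.

```apache
# Added example; hostname, paths and all numeric limits are constructed.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/example"

    # Header limits: server config / virtual host context only.
    # They are enforced as the request headers are read, before any
    # URL-to-location mapping, so size them for the largest legitimate
    # request this virtual host has to accept.
    LimitRequestFields    60
    LimitRequestFieldSize 8190

    # Body limit: allowed in directory context, so it can differ per URL.
    # This value is the fallback for paths not matched below.
    LimitRequestBody 65536

    # Page that receives a large amount of data in the request body.
    <LocationMatch "^/upload/">
        LimitRequestBody 10485760

        # Not permitted in this context; uncommenting either line makes
        # the configuration check fail at restart:
        # LimitRequestFields    200
        # LimitRequestFieldSize 16384
    </LocationMatch>

    # Page that only ever receives small submissions.
    <LocationMatch "^/forms/">
        LimitRequestBody 16384
    </LocationMatch>
</VirtualHost>
```

Form data sent in a POST body counts against LimitRequestBody, not against the two header limits. Running `apachectl configtest` before a restart reports a directive placed in a context where it is not allowed.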


