Nick Kew wrote:
Tony VanScoy wrote:Is it possible to get the size of an incoming request? If so, how reliable is it? I was thinking of using Content-Length, but I thought I read somewhere that it's up to the browser to set that value.Indeed it is. You then read Content-Length bytes. If there are more bytes on the line, they're just line noise. Of course, if you run HTTP/1.1 you may not get a Content-length header. Apache will dechunk it for you, but you won't know the size in advance.
Understand, however, that it's not ambigious If Transfer-Encoding is present, it's not controlled by Content-Length, and the Content-Length would be injected in most spoofing attacks, so it must be ignored. As Nick says, the most common (and only recognized) Transfer-Encoding is 'chunked'. At that point, you simply read to EOF and as he pointed out, it will be the correct length. This is preferred these days, as only the final consumer should be interested in an absolute length. If Transfer-Encoding is absent, and Content-Length is present, Apache will send you the body --- however the length will vary if an input filter has modified the length. Again, Apache sends you all the bytes you need, so you should always read to EOF. Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|