Re: [users@httpd] Apache 2.0.54 creating =?utf-8,iso-8859-1?q?=22Bad=20request=22?= on POST over 8kb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/21/05, Tuomas J Rinta <trinta@xxxxxxxxxxxxxx> wrote:
> Running Apache 2.0.54 on Debian Linux.
>
> A while ago I posted a message here asking about "request failed: error
> reading the headers" which was caused by Apache being unable to read
> POST-requests that were large. I suspected that this was Not My Fault(tm) as
> it was mostly with the users using a specific ISP. Now I did some more
> checking and it seems that the requests are coming to the server all right,
> it's Apache that's freaking out. It took me a while to pinpoint the problem
> as some requests worked, some didn't until I wrote a small app that does
> POST requests to my server and logs the response codes. I realized that when
> the size of the POST request reached ~8kb, Apache would respond with a "400:
> Bad request". The problem though was that when doing a large POST request
> with my browser, everything worked fine.
>
> This was because my app wasn't sending a Content-Length-header and my
> browser was. Apparently Apache can't handle the POST request if it is ~8kb
> or over AND it doesn't have the Content-Length-header set.

I'm not a protocol expert, but what surprises me here is that apache
is accepting any POST at all without a content length.  See RFC2616
section 4.4.  POSTs must contain either a content-length, or (if the
client is sure the server is HTTP/1.1) a transfer-encoding: chunked. 
This is a basic restriction of the protocol and can't be avoided.

A proxy that strips content length and doesn't convert the body to
chunked encoding is very broken and probably won't work with any
server.  (Even if it does convert to chunked encoding, it is still
likely to run into problems.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux