| Summary: | Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Masafumi Miura <mmiura> |
| Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.9 | CC: | bnater, cww, jhouska, jorton, luhliari, mfrodl, ovasik |
| Target Milestone: | rc | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-06-07 22:13:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Quality Engineering Management has reviewed and declined this request. You may appeal this decision by reopening this request. qa_ack- set by mistake. Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. The official life cycle policy can be reviewed here: http://redhat.com/rhel/lifecycle This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL: https://access.redhat.com |
### Description of problem: Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter. ### Version-Release number of selected component (if applicable): httpd-2.2.15-54.el6_8.x86_64 ### How reproducible: Anytime ### Steps to Reproduce: 1. Configure LimitRequestBody and mod_ext_filter: LimitRequestBody 100 ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g" SetOutputFilter testfilter 2. Prepare a test file which is larger than LimitRequestBody dd if=/dev/zero of=/tmp/testfile bs=1 count=101 3. Sent a POST request with the file curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html ### Actual results: Apache httpd returns "200 OK" ~~~ $ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html ... > POST /test.html HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 127.0.0.1 > Accept: */* > Content-Length: 101 > Expect: 100-continue > < HTTP/1.1 200 OK < Date: Wed, 31 Aug 2016 10:08:21 GMT < Server: Apache/2.2.15 (Red Hat) < Content-Length: 0 < Connection: close < Content-Type: text/html; charset=UTF-8 < ~~~ ### Expected results: Apache httpd should return "413 Request Entity Too Large". ### Additional info: You can workaround this by using mod_substitute instead if it can cover your requirement. For example: ~~~ SetOutputFilter SUBSTITUTE Substitute s/foo/bar/i ~~~