Hide Forgot
### Description of problem: Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter. ### Version-Release number of selected component (if applicable): httpd-2.2.15-54.el6_8.x86_64 ### How reproducible: Anytime ### Steps to Reproduce: 1. Configure LimitRequestBody and mod_ext_filter: LimitRequestBody 100 ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g" SetOutputFilter testfilter 2. Prepare a test file which is larger than LimitRequestBody dd if=/dev/zero of=/tmp/testfile bs=1 count=101 3. Sent a POST request with the file curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html ### Actual results: Apache httpd returns "200 OK" ~~~ $ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html ... > POST /test.html HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 127.0.0.1 > Accept: */* > Content-Length: 101 > Expect: 100-continue > < HTTP/1.1 200 OK < Date: Wed, 31 Aug 2016 10:08:21 GMT < Server: Apache/2.2.15 (Red Hat) < Content-Length: 0 < Connection: close < Content-Type: text/html; charset=UTF-8 < ~~~ ### Expected results: Apache httpd should return "413 Request Entity Too Large". ### Additional info: You can workaround this by using mod_substitute instead if it can cover your requirement. For example: ~~~ SetOutputFilter SUBSTITUTE Substitute s/foo/bar/i ~~~
Quality Engineering Management has reviewed and declined this request. You may appeal this decision by reopening this request.
qa_ack- set by mistake.
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. The official life cycle policy can be reviewed here: http://redhat.com/rhel/lifecycle This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL: https://access.redhat.com