Bug 1371873 - Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter
Summary: Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when e...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: httpd
Version: 6.9
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Luboš Uhliarik
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-31 10:20 UTC by Masafumi Miura
Modified: 2019-12-16 06:34 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-06-07 22:13:41 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Masafumi Miura 2016-08-31 10:20:31 UTC 
### Description of problem:

Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter.


### Version-Release number of selected component (if applicable):

httpd-2.2.15-54.el6_8.x86_64


### How reproducible:

Anytime


### Steps to Reproduce:

1. Configure LimitRequestBody and mod_ext_filter:

    LimitRequestBody 100
    ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g"
    SetOutputFilter testfilter

2. Prepare a test file which is larger than LimitRequestBody

    dd if=/dev/zero of=/tmp/testfile bs=1 count=101

3. Sent a POST request with the file 

    curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html


### Actual results:

Apache httpd returns "200 OK"

~~~
$ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html
...
> POST /test.html HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 127.0.0.1
> Accept: */*
> Content-Length: 101
> Expect: 100-continue
> 
< HTTP/1.1 200 OK
< Date: Wed, 31 Aug 2016 10:08:21 GMT
< Server: Apache/2.2.15 (Red Hat)
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
< 
~~~


### Expected results:

Apache httpd should return "413 Request Entity Too Large".


### Additional info:

You can workaround this by using mod_substitute instead if it can cover your requirement. For example:

~~~
SetOutputFilter SUBSTITUTE
Substitute s/foo/bar/i
~~~
Comment 4 Red Hat Bugzilla Rules Engine 2016-12-14 13:30:51 UTC 
Quality Engineering Management has reviewed and declined this request. You may appeal this decision by reopening this request.
Comment 5 Branislav Náter 2016-12-14 13:44:32 UTC 
qa_ack- set by mistake.
Comment 7 Chris Williams 2017-06-07 22:13:41 UTC 
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification.  Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com
Note You need to log in before you can comment on or make changes to this bug.