Hide Forgot
### Description of problem: Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter. ### Version-Release number of selected component (if applicable): httpd-2.4.6-40.el7_2.4.x86_64 ### How reproducible: Anytime ### Steps to Reproduce: 1. Configure LimitRequestBody and mod_ext_filter: LimitRequestBody 100 ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g" SetOutputFilter testfilter 2. Prepare a test file which is larger than LimitRequestBody dd if=/dev/zero of=/tmp/testfile bs=1 count=101 3. Sent a POST request with the file curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html ### Actual results: Apache httpd returns "200 OK" ~~~ $ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html ... > POST /test.html HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 127.0.0.1 > Accept: */* > Content-Length: 101 > Expect: 100-continue > < HTTP/1.1 200 OK < Date: Wed, 31 Aug 2016 10:08:21 GMT < Server: Apache/2.2.15 (Red Hat) < Content-Length: 0 < Connection: close < Content-Type: text/html; charset=UTF-8 < ~~~ ### Expected results: Apache httpd should return "413 Request Entity Too Large". ### Additional info: You can workaround this by using mod_substitute instead if it can cover your requirement. For example: ~~~ SetOutputFilter SUBSTITUTE Substitute s/foo/bar/i ~~~
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2175