Bug 76976 - content-length limit in httpd 2 is hardcoded to 512KB ?
Summary: content-length limit in httpd 2 is hardcoded to 512KB ?
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: httpd
Version: 8.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-10-30 14:51 UTC by Need Real Name
Modified: 2007-04-18 16:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-10-30 20:36:51 UTC
Embargoed:

Attachments (Terms of Use)

Description Need Real Name 2002-10-30 14:51:07 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)

Description of problem:

trying to upload a 580KB to a web form page, give me this error 
in /etc/logs/httpd/error:

"Requested content-length of 591836 is larger than the configured limit of 
524288, referer:  http://www.[snipped].com.ar/sistemas/pedidos/carga.phtml"

and I can't find where I can change that limit in /etc/httpd/conf/httpd.conf

note: is NOT a php limit, all php limits are set to 8M

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. just try to upload a file with size >= 520KB with apache 2 in a stock RH 8
2.
3.
	

Additional info:

[root@www conf]# uname -a
Linux www.[snipped].com.ar 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 
i386 GNU/Linux
[root@www conf]# rpm -q httpd
httpd-2.0.40-8
[root@www conf]# rpm -q php
php-4.2.2-8.0.5
Comment 1 Need Real Name 2002-10-30 15:24:48 UTC 
I've tried using the "LimitRequestBody 0" (no limit) directive 
in httpd.conf, restarting the server, but nothing change, 
it still burf the same error when I try to upload a big file.

(with a small file, everything is rigth)
Comment 2 Need Real Name 2002-10-30 20:36:44 UTC 
ok, I've inspected the source code of apache, and come to the conclusion that 
the apache that come with rh8 doesn't respect the directive 'LimitRequestBody'.

it doesn't matter the value you set it up, it seems always hardcoded in 512KB

I cannot spot any obvious bug in the source...

http_protocol.c:779
        /* LimitRequestBody does not apply to proxied responses.
         * Consider implementing this check in its own filter.
         * Would adding a directive to limit the size of proxied
         * responses be useful?
         */
        if (!f->r->proxyreq) {
            ctx->limit = ap_get_limit_req_body(f->r);
        }
        else {
            ctx->limit = 0;
        }

http_core.h:240
/**
 * Return the limit on bytes in request msg body
 * @param r The current request
 * @return the maximum number of bytes in the request msg body
 * @deffunc apr_off_t ap_get_limit_req_body(const request_rec *r)
 */
AP_DECLARE(apr_off_t) ap_get_limit_req_body(const request_rec *r);

and finally

http_protocol.c:832
            /* If we have a limit in effect and we know the C-L ahead of
             * time, stop it here if it is invalid.
             */
            if (ctx->limit && ctx->limit < ctx->remaining) {
                apr_bucket_brigade *bb;
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
                          "Requested content-length of %" APR_OFF_T_FMT
                          " is larger than the configured limit"
                          " of %" APR_OFF_T_FMT, ctx->remaining, ctx->limit);


which is the error I'm seeing !!

/sergio
Comment 3 Joe Orton 2002-11-01 14:01:23 UTC 
This limit is enforced by default for PHP scripts: look at
/etc/httpd/conf.d/php.conf, which has:

LimitRequestBody 524288
Comment 4 Need Real Name 2002-11-01 14:31:06 UTC 
OOoooouuch !!!
Comment 5 Joe Orton 2002-11-01 14:33:43 UTC 
(this is since the PHP module for Apache 2.0 buffers all request data in memory,
so this limit is applied by default to prevent a denial of service attack)
Note You need to log in before you can comment on or make changes to this bug.