Bug 76976 - content-length limit in httpd 2 is hardcoded to 512KB ?
content-length limit in httpd 2 is hardcoded to 512KB ?
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: httpd (Show other bugs)
8.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-10-30 09:51 EST by Need Real Name
Modified: 2007-04-18 12:48 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-10-30 15:36:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2002-10-30 09:51:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)

Description of problem:

trying to upload a 580KB to a web form page, give me this error 
in /etc/logs/httpd/error:

"Requested content-length of 591836 is larger than the configured limit of 
524288, referer:  http://www.[snipped].com.ar/sistemas/pedidos/carga.phtml"

and I can't find where I can change that limit in /etc/httpd/conf/httpd.conf

note: is NOT a php limit, all php limits are set to 8M

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. just try to upload a file with size >= 520KB with apache 2 in a stock RH 8
2.
3.
	

Additional info:

[root@www conf]# uname -a
Linux www.[snipped].com.ar 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 
i386 GNU/Linux
[root@www conf]# rpm -q httpd
httpd-2.0.40-8
[root@www conf]# rpm -q php
php-4.2.2-8.0.5
Comment 1 Need Real Name 2002-10-30 10:24:48 EST
I've tried using the "LimitRequestBody 0" (no limit) directive 
in httpd.conf, restarting the server, but nothing change, 
it still burf the same error when I try to upload a big file.

(with a small file, everything is rigth)
Comment 2 Need Real Name 2002-10-30 15:36:44 EST
ok, I've inspected the source code of apache, and come to the conclusion that 
the apache that come with rh8 doesn't respect the directive 'LimitRequestBody'.

it doesn't matter the value you set it up, it seems always hardcoded in 512KB

I cannot spot any obvious bug in the source...

http_protocol.c:779
        /* LimitRequestBody does not apply to proxied responses.
         * Consider implementing this check in its own filter.
         * Would adding a directive to limit the size of proxied
         * responses be useful?
         */
        if (!f->r->proxyreq) {
            ctx->limit = ap_get_limit_req_body(f->r);
        }
        else {
            ctx->limit = 0;
        }

http_core.h:240
/**
 * Return the limit on bytes in request msg body
 * @param r The current request
 * @return the maximum number of bytes in the request msg body
 * @deffunc apr_off_t ap_get_limit_req_body(const request_rec *r)
 */
AP_DECLARE(apr_off_t) ap_get_limit_req_body(const request_rec *r);

and finally

http_protocol.c:832
            /* If we have a limit in effect and we know the C-L ahead of
             * time, stop it here if it is invalid.
             */
            if (ctx->limit && ctx->limit < ctx->remaining) {
                apr_bucket_brigade *bb;
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
                          "Requested content-length of %" APR_OFF_T_FMT
                          " is larger than the configured limit"
                          " of %" APR_OFF_T_FMT, ctx->remaining, ctx->limit);


which is the error I'm seeing !!

/sergio
Comment 3 Joe Orton 2002-11-01 09:01:23 EST
This limit is enforced by default for PHP scripts: look at
/etc/httpd/conf.d/php.conf, which has:

LimitRequestBody 524288

Comment 4 Need Real Name 2002-11-01 09:31:06 EST
OOoooouuch !!!
Comment 5 Joe Orton 2002-11-01 09:33:43 EST
(this is since the PHP module for Apache 2.0 buffers all request data in memory,
so this limit is applied by default to prevent a denial of service attack)

Note You need to log in before you can comment on or make changes to this bug.