DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39243>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39243

------- Additional Comments From [EMAIL PROTECTED] 2006-07-14 14:18 -------

> what is your input on changing the limit to 256K? Would that be
> sufficient or not?

No. We're looking at megabyte SOAP POSTs.

> Overloading LimitRequestBody for such a purpose is not acceptable,
> no - the default is unlimited.

With that overload idea, the default value of zero (unlimited) would be translated to the hard-coded value to protect against DOS attempts. Defining a positive size for LimitRequestBody would allow that size to be buffered for POSTs in mod_ssl (because it seems sensible to keep functioning up to the specified limit).

I had something along these lines in mind:

--- httpd-2.0.46/modules/ssl/ssl_engine_io.c.old ... +++ httpd-2.0.46/modules/ssl/ssl_engine_io.c.new ... @@ -1395,8 +1395,17 @@ struct modssl_buffer_ctx *ctx; apr_bucket_brigade *tempb; apr_off_t total = 0; /* total length buffered */ + apr_off_t max_ssl_buffered = 0; /* Maximum allowed memory buffering of ssl data. */ int eos = 0; /* non-zero once EOS is seen */ + max_ssl_buffered = ap_get_limit_req_body( r ); + + if (max_ssl_buffered == 0) { + /* If undefined/unlimited, use default limit to defend against + * DOS attempts. */ + max_ssl_buffered = SSL_MAX_IO_BUFFER; + } + /* Create the context which will be passed to the input filter. */ ctx = apr_palloc(r->pool, sizeof *ctx); ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc);
@@ -1460,7 +1469,7 @@ total, eos); /* Fail if this exceeds the maximum buffer size. */ - if (total > SSL_MAX_IO_BUFFER) { + if (total > max_ssl_buffered) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "request body exceeds maximum size for SSL buffer"); return HTTP_REQUEST_ENTITY_TOO_LARGE;
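
Review bot: in the first hunk (@@ -1395,8 +1395,17 @@), any non-zero value returned by ap_get_limit_req_body(r) is taken as the memory buffering cap with no upper bound, so a location that sets a large LimitRequestBody for ordinary uploads also permits that much buffering per request here. Consider clamping the value to a ceiling, or reading a separate setting for the buffer size instead of reusing the body limit. The `= 0` initialiser on max_ssl_buffered is redundant given the assignment that follows, and `ap_get_limit_req_body( r )` should drop the spaces inside the parentheses to match calls such as `apr_palloc(r->pool, sizeof *ctx)` in the same function.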
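
Review bot: in the second hunk (@@ -1460,7 +1469,7 @@), the ap_log_rerror text "request body exceeds maximum size for SSL buffer" is left unchanged although the comparison now uses max_ssl_buffered, which may be either the configured request body limit or SSL_MAX_IO_BUFFER, so the log entry does not tell an administrator which limit was hit or what its value was. Suggest adding max_ssl_buffered (and total) to the message, formatted with APR_OFF_T_FMT, and updating the comment "Fail if this exceeds the maximum buffer size" to say where the maximum now comes from.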
