On Sat, 27 Oct 2001, William A. Rowe, Jr. wrote: > Requesting this; > > POST /cgi-bin/printenv.pl HTTP/1.1 > Content-Length:80 > Host:localhost > > and stalling, I get a 5 minute pause, followed by; > > HTTP/1.1 200 OK > Date: Sat, 27 Oct 2001 16:55:02 GMT > Server: Apache/2.0.27-dev (Win32) DAV/2 mod_ssl/3.0a0 OpenSSL/0.9.6b > Content-Length: 1553 > Connection: close > Content-Type: text/plain; charset=ISO-8859-1 > > [content snipped] > > Now that's not pretty. Why are we returning 200 when the input is insufficient > for properly handling the request??? We strip the content-length, so the cgi > wouldn't know what to expect; it can't handle the error itself!!! > > Correction, we don't strip the content length ??? >
> Jon, try from CVS head, I suspect the timeout may have been fixed since you > first observed this behavior. As for other unacceptable behaviors, well... You are on Win32. Unix may be broken. Haven't checked. > > Thoughts anyone? I'd expect such a request to 400 out. 408. Which will be logged, and may or may not be sent to the client. Also note that I seem to recall some suggestions to hardcode the post-to-a-page-that-doesn't-take-posts case to act as if there were no request body to read. Don't do that. Not only is it unnecessary and just a symptom of a deeper problem, but we need to read the request body always or error out in a way that closes the connection (and the second is last resort only).
