William A. Rowe, Jr. wrote:
> It's far easier for your filter to simply 'peek' into the posted body as the final
> handler is reading it.  Decide what you want to keep/use/discard, and let
> that handler have the entire post'ed body to do with as it will.

The problem that I am facing is a bit like the whole chicken and egg problem.  The 
problem is that my module MAY make a decision on which handler should handle the 
request based on name/value pairs in the POSTed body.  The module decides if it should 
handle the request itself, or if it should allow the "regular" handler to handle the 
request.  This decision currently occurs in the fixup phase before the final handler 
is invoked.

I certainly agree with the DoS danger; however, in this specific case, the module's 
implementation would set a _practical_ limit on the amount of post body data that it 
would bother to read/buffer because it is meant to work on regular HTML <form> 
name/value pairs.

-----Original Message-----
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 7:06 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Peek at POSTed data


At 06:36 PM 6/16/2003, Michael Corcoran wrote:

>Would it be possible to (or how would I?) be able to implement a function that would 
>have a prototype similar to ap_reset_post_body(request_rec, void *, int);  This 
>function could be called after someone has already run through the full 
>ap_should_client_block/ap_get_client_block/etc. procedure calls and drained the 
>socket of any post body data.  The function would cause Apache to think that none of 
>the above functions had been called yet and use the buffer provided as if it was the 
>data sent by the user.

Use what buffer?

It's up to you to insert a filter to 'buffer' the request.  Consider that a post body
might be 250 bytes, and it might be 250MB.  Where does Apache draw the
line, and what would you have 'us' do when it's exceeded?

It's far easier for your filter to simply 'peek' into the posted body as the final
handler is reading it.  Decide what you want to keep/use/discard, and let
that handler have the entire post'ed body to do with as it will.

If you want to buffer it yourself in a filter, you need to consider what are the
thresholds for setting aside the data in a tempfile, or discarding them, or
simply keeping them in memory.

Bill
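
The bounded 'peek' discussed in both messages, as an added example that is not part of the original thread or of Apache's code: a plain C model (no httpd API) that copies at most an assumed cap of bytes from each chunk as it passes through to the handler. `PEEK_CAP`, `peek_ctx`, `peek_feed` and `peek_lookup` are hypothetical names; in a real input filter `peek_feed` would be called on each bucket's data.

```c
#include <stddef.h>
#include <string.h>

#define PEEK_CAP 8192  /* assumed practical limit for <form> posts */

typedef struct {
    char   buf[PEEK_CAP];
    size_t len;        /* bytes copied so far */
    int    truncated;  /* set once the body exceeds PEEK_CAP */
} peek_ctx;            /* must be zero-initialised before first use */

/* Call for each chunk on its way to the handler. The chunk is only read,
 * never consumed or modified, so the handler still sees the whole body. */
void peek_feed(peek_ctx *p, const char *chunk, size_t n)
{
    size_t room = PEEK_CAP - p->len;
    if (n > room) { n = room; p->truncated = 1; }  /* drop the excess copy */
    memcpy(p->buf + p->len, chunk, n);
    p->len += n;
}

/* Find name=value in the buffered urlencoded body (no percent-decoding).
 * Returns the value length, or -1 if the pair is absent, does not fit
 * in out, or may have been cut short by the cap. */
int peek_lookup(const peek_ctx *p, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name), i = 0;
    while (i < p->len) {
        size_t end = i;
        while (end < p->len && p->buf[end] != '&') end++;
        if (end - i > nlen && p->buf[i + nlen] == '=' &&
            memcmp(p->buf + i, name, nlen) == 0) {
            size_t vlen = end - i - nlen - 1;
            /* a value touching the end of a truncated buffer is unreliable */
            if ((p->truncated && end == p->len) || vlen >= outsz) return -1;
            memcpy(out, p->buf + i + nlen + 1, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        i = end + 1;
    }
    return -1;
}
```

A routing decision should treat a return of -1 with `truncated` set as "leave the request to the regular handler" rather than guessing at a partial value.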
