httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50870] New: Content-Lenght specified in a GET request makes the listener to wait until the timeout.
Date Fri, 04 Mar 2011 12:25:57 GMT

           Summary: Content-Lenght specified in a GET request makes the
                    listener to wait until the timeout.
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core

It seems possible to make the apache child to wait until the timeout if the
Content-Lenght is specified inside a GET request. I perfectly know that the
RFC2616 is not explicitely forbidding to provide a content-lenght to the GET
request. The problem is a GET request with a content-lenght just takes some
dozens of bytes, and then this makes that easy to produce DDOS. 

This makes possible , expecially in the prefork configuration, to easily make
all the childs busy in a server with some KB/s of bandwidth.

This happens even forbidding to have a Content-Lenght in the GET request with a
rewriterules, or to setting mod_security to block this: the listener stays busy
until the timeout expires.

This is an example with 90 secs of timeout. To reproduce it is easy.

time curl -v someserver:80  -H'Content-Length: 59'
* About to connect() to localhost port 13091
*   Trying connected
* Connected to localhost ( port 13091
> GET / HTTP/1.1
> User-Agent: curl/7.15.3 (sparc-sun-solaris2.9) libcurl/7.15.3 OpenSSL/0.9.8a zlib/1.2.3
> Host: someserver:80
> Accept: */*
> Content-Length: 59
< HTTP/1.1 403 Forbidden
< Date: Fri, 04 Mar 2011 11:51:26 GMT
< Content-Length: 202
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<title>403 Forbidden</title>
<p>You don't have permission to access /
on this server.</p>
* Closing connection #0

real    1m30.862s
user    0m0.028s
sys     0m0.032s

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message