httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Erenkrantz" <>
Subject Re: C-L or T-E: chunked for proxied request bodies
Date Sun, 02 Jan 2005 19:31:36 GMT
> On Sat, 1 Jan 2005, Roy T.Fielding wrote:
>> On Jan 1, 2005, at 1:38 PM, Justin Erenkrantz wrote:
>> > Apache 1.3 does not support chunked request bodies.  (All 2.x GA
>> > releases
>> > do though.)  So, that factors very much in the reason that I don't
>> > think
>> > we should send chunks by default: all requests  to 1.3.x would receive
>> > some 4xx (413??) error if we tried to pass chunks.  -- justin
>> Umm, yes it does support chunked request bodies -- I wrote that code
>> long before 2.0 even started.  Only the CGI module doesn't support it
>> because CGI depends on knowing the length in advance.
> Exactly... it definitely does support chunked request bodies.  Remember
> CVE-2002-0392?

Well, it depends upon which httpd modules are installed.  For example, a
server with PHP installed will break because PHP forbids chunking:

The offending code is at line 595 of mod_php5.c:

if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR))) {

Here's a POST request against

% telnet 80
Connected to
Escape character is '^]'.
POST /submit-event.php HTTP/1.1
Transfer-Encoding: chunked

HTTP/1.1 411 Length Required
Date: Sun, 02 Jan 2005 19:19:35 GMT
Server: Apache/1.3.26 (Unix) mod_gzip/ PHP/4.3.3-dev
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

<TITLE>411 Length Required</TITLE>
<H1>Length Required</H1>
A request of the requested method POST requires a valid Content-length.<P>
chunked Transfer-Encoding forbidden: /submit-event.php<P>


Connection closed by foreign host.

And, here's a beauty:

% telnet 80
Connected to
Escape character is '^]'.
GET / HTTP/1.1
Transfer-Encoding: chunked

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Sun, 02 Jan 2005 19:13:28 GMT
Connection: close

<html><head><title>Error</title></head><body>The system
cannot find the
file specified.


Turning on sendchunks by default is going to result in broken behavior on
all sorts of popular sites: anything with PHP or IIS installed.  Perhaps
it might be worth it to do a 'retry' mechanism: try with the T-E: chunked
and if we get a 4xx response, then try with C-L.  I don't know how that'd
work though.

But, chunked request bodies don't work in practice.  -- justin

View raw message