httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Erenkrantz" <jus...@erenkrantz.com>
Subject Re: C-L or T-E: chunked for proxied request bodies
Date Sun, 02 Jan 2005 19:31:36 GMT
> On Sat, 1 Jan 2005, Roy T.Fielding wrote:
>
>> On Jan 1, 2005, at 1:38 PM, Justin Erenkrantz wrote:
>> > Apache 1.3 does not support chunked request bodies.  (All 2.x GA
>> > releases
>> > do though.)  So, that factors very much in the reason that I don't
>> > think
>> > we should send chunks by default: all requests  to 1.3.x would receive
>> > some 4xx (413??) error if we tried to pass chunks.  -- justin
>>
>> Umm, yes it does support chunked request bodies -- I wrote that code
>> long before 2.0 even started.  Only the CGI module doesn't support it
>> because CGI depends on knowing the length in advance.
>
> Exactly... it definitely does support chunked request bodies.  Remember
> CVE-2002-0392?

Well, it depends upon which httpd modules are installed.  For example, a
server with PHP installed will break because PHP forbids chunking:

The offending code is at line 595 of mod_php5.c:
http://cvs.php.net/co.php/php-src/sapi/apache/mod_php5.c?r=1.12:

...
if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR))) {
...

Here's a POST request against php.net:

% telnet www.php.net 80
Trying 64.246.30.37...
Connected to rs1.php.net.
Escape character is '^]'.
POST /submit-event.php HTTP/1.1
Host: www.php.net
Transfer-Encoding: chunked

HTTP/1.1 411 Length Required
Date: Sun, 02 Jan 2005 19:19:35 GMT
Server: Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

11e
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>411 Length Required</TITLE>
</HEAD><BODY>
<H1>Length Required</H1>
A request of the requested method POST requires a valid Content-length.<P>
chunked Transfer-Encoding forbidden: /submit-event.php<P>
</BODY></HTML>

0

Connection closed by foreign host.

And, here's a beauty:

% telnet www.microsoft.com 80
Trying 207.46.250.222...
Connected to origin2.microsoft.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.microsoft.com
Transfer-Encoding: chunked

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Sun, 02 Jan 2005 19:13:28 GMT
Connection: close

<html><head><title>Error</title></head><body>The system
cannot find the
file specified.
</body></html>

---

Turning on sendchunks by default is going to result in broken behavior on
all sorts of popular sites: anything with PHP or IIS installed.  Perhaps
it might be worth it to do a 'retry' mechanism: try with the T-E: chunked
and if we get a 4xx response, then try with C-L.  I don't know how that'd
work though.

But, chunked request bodies don't work in practice.  -- justin


Mime
View raw message