httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edgar Frank <>
Subject Problem with mod_fcgid handling ErrorDocuments
Date Tue, 06 Jul 2010 12:56:59 GMT
Hi mod_fcgid developers,

I'm currently exploring a potential problem with mod_fcgid.
Let's assume a setup with mod_security and mod_fcgid
(has nothing to do with mod_security itself - it just helps to
trigger the problem).

Now we have a large POST request which mod_security blocks
(by SecRequestBodyLimit) with "413 Request Entity Too Large".

The ErrorDocument for 413 is configured to a Location which
mod_fcgid serves. (Please don't argue that it's this way - I know
the problems and I'm not happy with it, but it's not my decision
to do it that way.)

HTTPD issues a GET subrequest for the ErrorDocument and
mod_fcgid kicks in. But now it starts consuming the request body
we just blocked - or if the request body size is larger than
FcgidMaxRequestLen, ErrorDocument generation fails.

I wonder how to circumvent this. In fcgid_bridge.c:bridge_request
I found:

if (role == FCGI_RESPONDER) {
 rc = add_request_body( [...] );

Could one change this to something like the following without
causing trouble?

if (role == FCGI_RESPONDER && !ap_is_HTTP_ERROR(r->status)) {
 rc = add_request_body( [...] );

Or maybe something like a HTTP method check? (Is there a
reliable way to detect if we're in ErrorDocument generation
anyway?) But at this point we have put the Content-Length header
already into the stream to the FCGI backend, so one would also
have to take action earlier.

What do you think in general of handling this? I'd really
appreciate an elaborate answer - if you find it fix-worthy,
first ideas how to fix it - and if not, why not. 


mod_fcgid 2.3.5
with httpd 2.2.15
on CentOS 5.4 x64
built from source with gcc 4.2.4

View raw message