Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 29976 invoked from network); 24 Aug 2005 04:56:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 24 Aug 2005 04:56:14 -0000 Received: (qmail 70196 invoked by uid 500); 24 Aug 2005 04:56:06 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 69323 invoked by uid 500); 24 Aug 2005 04:56:04 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 69309 invoked by uid 99); 24 Aug 2005 04:56:04 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Aug 2005 21:56:04 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [69.225.174.131] (HELO x.win.covalent.net) (69.225.174.131) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Aug 2005 21:56:21 -0700 Received: from [192.168.0.21] ([24.13.128.132]) by x.win.covalent.net over TLS secured channel with Microsoft SMTPSVC(5.0.2195.6713); Tue, 23 Aug 2005 21:54:55 -0700 Message-ID: <430BFDA1.7090604@rowe-clan.net> Date: Tue, 23 Aug 2005 23:54:57 -0500 From: "William A. Rowe, Jr." User-Agent: Mozilla Thunderbird 1.0.6-1.1.fc3 (X11/20050720) X-Accept-Language: en-us, en MIME-Version: 1.0 To: users@httpd.apache.org References: <7796799a0508231037677dcf98@mail.gmail.com> <430BE307.80101@webthing.com> In-Reply-To: <430BE307.80101@webthing.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 24 Aug 2005 04:54:55.0968 (UTC) FILETIME=[F8D42E00:01C5A867] X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Determining incoming request size X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Nick Kew wrote: > Tony VanScoy wrote: > >> Is it possible to get the size of an incoming request? If so, how >> reliable is it? I was thinking of using Content-Length, but I thought >> I read somewhere that it's up to the browser to set that value. > > Indeed it is. You then read Content-Length bytes. If there are more > bytes on the line, they're just line noise. > > Of course, if you run HTTP/1.1 you may not get a Content-length header. > Apache will dechunk it for you, but you won't know the size in advance. Understand, however, that it's not ambigious If Transfer-Encoding is present, it's not controlled by Content-Length, and the Content-Length would be injected in most spoofing attacks, so it must be ignored. As Nick says, the most common (and only recognized) Transfer-Encoding is 'chunked'. At that point, you simply read to EOF and as he pointed out, it will be the correct length. This is preferred these days, as only the final consumer should be interested in an absolute length. If Transfer-Encoding is absent, and Content-Length is present, Apache will send you the body --- however the length will vary if an input filter has modified the length. Again, Apache sends you all the bytes you need, so you should always read to EOF. Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org