| Summary: | byterange filter buffers response in memory | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Filip Sneppe <filip.sneppe> |
| Component: | Core | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | CLOSED FIXED | | |
| Severity: | major | CC: | jh2 |
| Priority: | P3 | | |
| Version: | 2.0.54 | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Windows XP | | |
| Attachments: | Byterange patch for Apache 2.0.x | | |

Description
Filip Sneppe
2004-07-07 21:39:29 UTC
Yes, this is a problem with the byterange filter in 2.0, it will buffer the entire response in memory. I am just wondering if there is currently *any* workaround for this? A directive that disables byterange support? Because, isn't this a serious security issue in itself? It means any user that can send http requests to an apache proxy can DoS it by sending even a limited number of specially crafted requests that download some large files somewhere...

You can DoS any HTTP server very easy. One could say, that's part of the protocol ;-) Anyway, RequestHeader unset Range or something like this should work for you.

Don't forget Header unset Accept-Ranges so the server isn't telling porkies about its capabilities

I appear to be experiencing a similar problem when my users submit files to the server. I've noticed that a submitted assignment (POST), which has an attached word document, appears to cause one of the apache processes to inflate to between 300 - 750 megabytes in size. This does not appear to be equal to the size of the attachment.

I hunted down the problem, it was an error in a purchased PHP script that loaded the entire contents of our db tables into memory (which is now approaching the 800 megabytes threshold). However, when the script terminated that memory was not being released by Apache 2.0.51.

The byterange filter memory consumption issue is now fixed for 2.1.5. http://svn.apache.org/viewcvs?rev=188797&view=rev

Created attachment 16102
Byterange patch for Apache 2.0.x
I hope Joe won't mind if I post a version of the patch which he modified to
work with the Apache 2.0.x branch. Thanks, Joe!

Now merged for 2.0.55. Thanks for the report.

I'm not sure that this has been fixed, I've downloaded the patch and have it applied yet, it still runs amuck. I checked on my server this morning, and there sat a process in apache holding onto 635MB of data. Maybe this bug is occurring somewhere else. I am in no way capable of tracking that down, but I do know it's still occurring.
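
The buffering this report describes can be contrasted with a range filter that works on the body as it streams through. The following C code is an added example, not code from this bug report or from httpd; it assumes a single range with known start and end offsets, and the names `range_state`, `sink`, `range_feed` and `demo` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical streaming single-range filter (not httpd code): it keeps only
 * offsets, never body data, so memory use does not grow with the response. */
typedef struct { size_t start, end, offset; } range_state; /* end inclusive */
typedef struct { char buf[64]; size_t len; } sink;         /* demo client */

static void sink_emit(sink *s, const char *data, size_t n)
{
    if (n > sizeof s->buf - s->len)
        n = sizeof s->buf - s->len;   /* never overrun the demo buffer */
    memcpy(s->buf + s->len, data, n);
    s->len += n;
}

/* Feed one chunk and forward only the bytes overlapping [start, end].
 * Returns 1 once the range is complete, so the caller can stop reading. */
static int range_feed(range_state *st, const char *chunk, size_t len, sink *out)
{
    size_t first = st->offset;        /* absolute offset of chunk[0] */
    size_t past = first + len;        /* one past the chunk's last byte */
    st->offset = past;
    if (len > 0 && past > st->start && first <= st->end) {
        size_t from = st->start > first ? st->start - first : 0;
        size_t to = st->end < past - 1 ? st->end - first + 1 : len;
        sink_emit(out, chunk + from, to - from);
    }
    return st->offset > st->end;
}

/* Constructed sample: a body arriving in three chunks, "Range: bytes=3-8".
 * Returns how many chunks were read before the range was satisfied. */
static int demo(sink *out)
{
    const char *chunks[] = { "hello ", "world", "... rest of a large body" };
    range_state st = { 3, 8, 0 };
    int i, done = 0;
    out->len = 0;
    for (i = 0; i < 3 && !done; i++)
        done = range_feed(&st, chunks[i], strlen(chunks[i]), out);
    return i;
}

int main(void)
{
    sink s;
    int n = demo(&s);
    printf("%.*s (read %d of 3 chunks)\n", (int)s.len, s.buf, n);
    return 0;
}
```

The only per-request state is three offsets, and the third chunk is never read because `range_feed` reports completion after the second.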