|Summary:||Default body_min_rate not enabled in mod_reqtimeout|
|Product:||Apache httpd-2||Reporter:||Oliver H <oliver>|
|Component:||mod_reqtimeout||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
|Attachments:||Fix reqtimeout macros lowercase|
Description Oliver H 2019-04-08 16:46:26 UTC
The changes to mod_reqtimeout made in 2.4.39 (as per bug 61310) have no default for the body_min_rate parameter, contrary to both the documentation and the behaviour of <=2.4.38. This means that if no explicit RequestReadTimeout statement is made in httpd.conf, by default the server will return a 408 timeout after 20s even if the client is actively sending data to the server (e.g. for a large file upload). I found this bug when users reported they could no longer upload files to our websites. I have tested under a fresh install of both Linux (Ubuntu) and FreeBSD (11 and 12). While some distributions such as ubuntu explicitly define RequestReadTimeout in their default config, the documentation states the default is body=20,minrate=500 (which was correct for <=2.4.38). This means 2.4.39 breaks file uploads where the documented default is relied on, which is why I've marked this bug as major. WORKAROUND: Explicitly set the default: RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500 in httpd.conf and reload. It looks like the changes made to mod_reqtimeout in 2.4.39 were fairly major in order to incorporate the new "handshake" stage, so although I've tried, I'm afraid I'm unable to see where the problem might lie. Sorry I can't be more help diagnosing this. Many thanks.
Comment 1 Yann Ylavic 2019-04-08 17:39:13 UTC
Thanks for the report. Do you set RequestReadTimeout partly (e.g. body= but no ,MinRate=) or not at all?
Comment 2 Oliver H 2019-04-08 17:59:24 UTC
I would assume that defining a simple body=20 would automatically stop minrate from working, so no: my report is based on when there are no RequestReadTimeout declarations in any conf file (I grepped thoroughly to confirm). Oliver
Comment 3 Yann Ylavic 2019-04-08 18:31:46 UTC
Created attachment 36514 [details] Fix reqtimeout macros lowercase The macros MRT_DEFAULT_*_MIN_RATE which contain the default value were partially made lowercase for some magic, unfortunately the ones tested in reqtimeout_hooks() were not renammed, hence the bug. Could you please try with this patch?
Comment 4 Yann Ylavic 2019-04-08 18:47:18 UTC
Fixed in r1857129, will propose a backport to next 2.4.x.
Comment 5 Oliver H 2019-04-09 08:49:20 UTC
Huge thanks for the quick work, I can confirm the patch fixes the issue.