Bug 38594 - Error reading request body, error code 70007: The timeout specified has expired
Summary: Error reading request body, error code 70007: The timeout specified has expired
Status: CLOSED INVALID
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Other Modules (show other bugs)
Version: 2.0.47
Hardware: Other AIX
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: ErrorMessage
Depends on:
Blocks:
 
Reported: 2006-02-09 16:35 UTC by Paul Lewandowski
Modified: 2006-02-09 08:10 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Lewandowski 2006-02-09 16:35:55 UTC
We are running IBM_HTTP_Server/2.0.47.1-PK07831 Apache/2.0.47 (Unix).  We are 
in the process of implementing mod_security for the first time to prevent cross-
site scripting and in about 1 in 10 times of serving up a page (happens with 
several pages, non-ssl involving POST calls) you will get the following error 
in the error_log: 

[Thu Feb 09 08:57:58 2006] [error] [client 10.2.140.218] mod_security: Access 
denied with code 404. Error reading request
 body, error code 70007: The timeout specified has expired 
[hostname "esws001a.kohls.com"] [uri "/products/product_page_v
anilla3.jsp"] [unique_id "xLSchgoBvuUAAJnmWMcAAAA2"]

Here is one of several sample entries from the access_log that correlates with 
the above error (note that this was about 300 sec. earlier):

10.2.140.218 - - [09/Feb/2006:08:52:58 -
0600] "POST /products/product_page_vanilla3.jsp HTTP/1.1" 404 
349 "http://esws001
a.kohls.com/products/product_page_vanilla3.jsp" "Mozilla/4.0 (compatible; MSIE 
6.0; Windows NT 5.0; T312461)""SignOnDefau
lt=GUEST; kSufsaCount=0; CookiesONOFF=ON; 
kohls_customer_satisfaction_invitation=reject; webiq_invitation=reject; JSESSIO
NID=0000GAVWMBE00SRYZ4RHBJYBH5Y:tvcjhf84; 231Lottery=yes; 
cmRS=&t1=1139496768532&t2=1139496768572&t3=1139496778376&t4=113
9496768272&fti=1139496778376&fn=keyword_dept_search%3A0%3Badd_to_cart%3A1%
3B&ac=0:S&fd=&uer=&fu=/products/product_page_va
nilla3.jsp&pi=&ho=test.coremetrics.com/cm%3F&ci=90086977&ul=http%
3A//esws001a.kohls.com/products/product_page_vanilla3.js
p&rf=http%3A//esws001a.kohls.com/products/product_page_vanilla3.jsp"

Along with implementing mod_security we have also upgraded HTTP Server from 
1.3.19 to 2.0.47.1 and have upgraded AIX 4.3.3 to AIX 5.2.0.7.

Any suggestions are welcome.  Please let me know if you need any additional 
information.

Thanks.

Paul
Comment 1 Paul Lewandowski 2006-02-09 16:38:49 UTC
Mod security is version 1.9.1

Here is the entry from the plugin.log file:

[Thu Feb 09 07:03:07 2006] [notice] mod_security/1.9.1 configured
Comment 2 Jeff Trawick 2006-02-09 17:09:55 UTC
IBM HTTP Server is not supported here.  Neither are any other Apache-based
web servers, which are supported by their respective vendors.

mod_security is not supported here either, though I couldn't say if this has
anything to do with mod_security (or even the web server, for that matter).