Bug 56872 - Small request bodies bypass DeflateInflateLimitRequestBody
Summary: Small request bodies bypass DeflateInflateLimitRequestBody
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_deflate (show other bugs)
Version: 2.5-HEAD
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2014-08-19 20:05 UTC by Edward Lu
Modified: 2015-06-25 06:04 UTC (History)
1 user (show)



Attachments
Fix small files bypassing DeflateInflateLimitRequestBody (3.13 KB, patch)
2014-08-19 20:05 UTC, Edward Lu
Details | Diff
Fix small files bypassing DeflateInflateLimitRequestBody (3.17 KB, patch)
2014-08-20 13:11 UTC, Edward Lu
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Edward Lu 2014-08-19 20:05:06 UTC
Created attachment 31931 [details]
Fix small files bypassing DeflateInflateLimitRequestBody

If DeflateInflateLimitRequestBody (or LimitRequestBody) is specified with a value under 8192 and a deflated request body above that limit but below 8192 is passed in, the request is accepted. For example, if "LimitRequestBody 2048" is specified, and a gzipped 8000-byte file is used in the request body, the server will not complain.
Comment 1 Edward Lu 2014-08-20 13:11:14 UTC
Created attachment 31934 [details]
Fix small files bypassing DeflateInflateLimitRequestBody

Removed one more line than I should have
Comment 2 Christophe JAILLET 2015-02-19 19:45:35 UTC
Applied in trunk r1619383
Comment 3 Yann Ylavic 2015-02-25 16:02:20 UTC
Backport proposed in r1662248.
Comment 4 Christophe JAILLET 2015-06-25 06:04:02 UTC
This is part of the (unreleased) 2.4.13
backport in r1669555