Bug 63840 - mod_headers sends duplicate headers with 413 status code
Summary: mod_headers sends duplicate headers with 413 status code
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_headers (show other bugs)
Version: 2.4.41
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-12 11:48 UTC by Mark Jenkins
Modified: 2019-10-15 15:39 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Jenkins 2019-10-12 11:48:37 UTC
Headers configured with "Header always set" are duplicated when status code 413 occurs:

Main server config:

Header always set X-Robots-Tag none
LimitRequestBody 4096


Create files 4k and 5k in size:

$ dd if=/dev/zero of=/tmp/4k.bin bs=1024 count=4
4+0 records in
4+0 records out
4096 bytes (4.1 kB, 4.0 KiB) copied, 9.6849e-05 s, 42.3 MB/s
$ dd if=/dev/zero of=/tmp/5k.bin bs=1024 count=5
5+0 records in
5+0 records out
5120 bytes (5.1 kB, 5.0 KiB) copied, 0.000101331 s, 50.5 MB/s

POST 4k file -> OK, X-Robots-Tag header only once.

$ curl -v -X POST http://localhost/ --data-binary @/tmp/4k.bin
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> POST / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.65.3
> Accept: */*
> Content-Length: 4096
> Content-Type: application/x-www-form-urlencoded
> Expect: 100-continue
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 12 Oct 2019 11:31:24 GMT
< Server: Apache/2.4.41 (Fedora)
< X-Robots-Tag: none
< Last-Modified: Sat, 12 Oct 2019 11:29:54 GMT
< ETag: "0-594b4f42530f6"
< Accept-Ranges: bytes
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
< 
* Connection #0 to host localhost left intact


POST 5k file -> Request Entity Too Large, as expected, but X-Robots-Tag twice:

$ curl -v -X POST http://localhost/ --data-binary @/tmp/5k.bin
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> POST / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.65.3
> Accept: */*
> Content-Length: 5120
> Content-Type: application/x-www-form-urlencoded
> Expect: 100-continue
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 413 Request Entity Too Large
< Date: Sat, 12 Oct 2019 11:31:34 GMT
< Server: Apache/2.4.41 (Fedora)
< X-Robots-Tag: none
< X-Robots-Tag: none
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource does not allow request data with POST requests, or the amount of data provided in
the request exceeds the capacity limit.
</body></html>
* Closing connection 0
Comment 1 Luca Toscano 2019-10-15 15:39:08 UTC
Hi Mark,

http://svn.apache.org/r1832092 is only in trunk but it could help. Any chance that you could rebuild your httpd with the patch and report back if it fixes the issue?