When a CGI script runs for a long time and the user clicks the "Stop" or "Back" button in the browser before it ends, the server fails to terminate the CGI process on the server, even if the CGI script is frequently writing back lines. Here's a sample partial CGI script: $| = 1; print "<pre>\n": foreach (1 .. 50) { print "line $_\n"; sleep (1); } This script continues to run even if the user has clicked "Stop" in the browser 5 seconds into the process. I remember fixing this problem in Apache 1.3 by closing the right process handle. But since 1.3 was not able to have unbuffered I/O to write back to the HTTP server process immediately, the fix was not useful for 1.3 anyway. Now that 2.0 seems to be able to have unbuffered IO for CGI output (finally!), fixing this bug would be extremely helpful, especially in defeating MS. This is a killer shortcoming of IIS where a run-away CGI script can never be terminated except the pre-defined "cut-off" time for all scripts.
I wonder if this is caused by the same thing as bug 8253 (r->connection->aborted not set)?
[This is a mass bug update.] This bug reports a problem in an older version of Apache 2. Could you please update to the most recent version and see if you can reproduce this problem. If the bug still exists, please update the bug with the latest version number. If the bug no longer exists, please close the bug report. Sorry for this impersonal response, but we get many more bug reports than our volunteers can keep up with. Thanks for using Apache!
With some fixes committed this morning to mod_cgi.c and server/protocol.c, the CGI script is normally terminated when using mod_cgi. There may be some paths in mod_cgi that aren't fixed, and mod_cgid is definitely still broken.
I don't know why this bug is not being considered. I now try to post it as a Linux/Apache 2.0 bug, since it is to be found there too, in case that will draw more interest. I would think it is a major problem that Apache can not run cgi-scripts with keep-alive, and I would like our technical department to be able to upgrade our apache installations (for security fixes etc) without me having to patch it first. I am not sufficiently aware of the purpose of the problematic code to propose a final solution - in my own case, it is quite OK to just throw it out, but I would think it serves some purpose - perhaps to stop faulty cgi-scripts from running endlessly. Perhaps it could be specified in the configuration file whether this action is wanted or not.
In general you can't assume that a PR is not being considered if there is no update in the last several days. As already noted in the PR, it now works with mod_cgi with current code from CVS. I am still working on getting it working with mod_cgid. (I have it working in a patch posted to dev@httpd yesterday, but the patch needs some further work before committing.) I'm confused about your statement "Apache can not run cgi-scripts with keep-alive" What is the connection between keep-alive and this PR?
looks like bo@kase.se complained on the wrong PR by mistake... ignore the last two updates :)
A fix has just been committed to mod_cgid to terminate scripts which the connection drops. Hopefully it will be in the next stable Apache 2 release (2.0.x). The mod_cgi fixes will almost definitely be in the next stable Apache 2 release.