2022-11-08 06:50:39 +00:00
|
|
|
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
|
|
|
|
index e1ec8d0..833fa7b 100644
|
|
|
|
--- a/docs/manual/mod/core.html.en
|
|
|
|
+++ b/docs/manual/mod/core.html.en
|
|
|
|
@@ -2748,16 +2748,16 @@ subrequests</td></tr>
|
|
|
|
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Restricts the total size of the HTTP request body sent
|
|
|
|
from the client</td></tr>
|
|
|
|
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LimitRequestBody <var>bytes</var></code></td></tr>
|
|
|
|
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LimitRequestBody 0</code></td></tr>
|
|
|
|
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LimitRequestBody 1073741824</code></td></tr>
|
|
|
|
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
|
|
|
|
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
|
|
|
|
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
|
|
|
|
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
|
|
|
|
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>In Apache HTTP Server 2.4.53 and earlier, the default value
|
|
|
|
+ was 0 (unlimited)</td></tr>
|
|
|
|
</table>
|
|
|
|
- <p>This directive specifies the number of <var>bytes</var> from 0
|
|
|
|
- (meaning unlimited) to 2147483647 (2GB) that are allowed in a
|
|
|
|
- request body. See the note below for the limited applicability
|
|
|
|
- to proxy requests.</p>
|
|
|
|
+ <p>This directive specifies the number of <var>bytes</var>
|
|
|
|
+ that are allowed in a request body. A value of <var>0</var> means unlimited.</p>
|
|
|
|
|
|
|
|
<p>The <code class="directive">LimitRequestBody</code> directive allows
|
|
|
|
the user to set a limit on the allowed size of an HTTP request
|
|
|
|
@@ -2783,12 +2783,6 @@ from the client</td></tr>
|
|
|
|
|
|
|
|
<pre class="prettyprint lang-config">LimitRequestBody 102400</pre>
|
|
|
|
|
|
|
|
-
|
|
|
|
- <div class="note"><p>For a full description of how this directive is interpreted by
|
|
|
|
- proxy requests, see the <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> documentation.</p>
|
|
|
|
- </div>
|
|
|
|
-
|
|
|
|
-
|
|
|
|
</div>
|
|
|
|
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
|
|
|
|
<div class="directive-section"><h2><a name="LimitRequestFields" id="LimitRequestFields">LimitRequestFields</a> <a name="limitrequestfields" id="limitrequestfields">Directive</a></h2>
|
|
|
|
diff --git a/docs/manual/mod/mod_proxy.html.en b/docs/manual/mod/mod_proxy.html.en
|
|
|
|
index 2cc6ace..c9e4634 100644
|
|
|
|
--- a/docs/manual/mod/mod_proxy.html.en
|
|
|
|
+++ b/docs/manual/mod/mod_proxy.html.en
|
|
|
|
@@ -459,9 +459,6 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10</pre>
|
|
|
|
Content-Length header, but the server is configured to filter incoming
|
|
|
|
request bodies.</p>
|
|
|
|
|
|
|
|
- <p><code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code> only applies to
|
|
|
|
- request bodies that the server will spool to disk</p>
|
|
|
|
-
|
|
|
|
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
|
|
|
|
<div class="section">
|
|
|
|
<h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>
|
|
|
|
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
|
|
|
|
index 6bedcac..393343a 100644
|
|
|
|
--- a/modules/http/http_filters.c
|
|
|
|
+++ b/modules/http/http_filters.c
|
|
|
|
@@ -1710,6 +1710,7 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
|
|
|
|
{
|
|
|
|
const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
|
|
|
|
const char *lenp = apr_table_get(r->headers_in, "Content-Length");
|
|
|
|
+ apr_off_t limit_req_body = ap_get_limit_req_body(r);
|
|
|
|
|
|
|
|
r->read_body = read_policy;
|
|
|
|
r->read_chunked = 0;
|
|
|
|
@@ -1748,6 +1749,11 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
|
|
|
|
return HTTP_REQUEST_ENTITY_TOO_LARGE;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ if (limit_req_body > 0 && (r->remaining > limit_req_body)) {
|
|
|
|
+ /* will be logged when the body is discarded */
|
|
|
|
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
#ifdef AP_DEBUG
|
|
|
|
{
|
|
|
|
/* Make sure ap_getline() didn't leave any droppings. */
|
|
|
|
diff --git a/server/core.c b/server/core.c
|
2023-11-15 02:42:44 +00:00
|
|
|
index a0bfaad..6556f20 100644
|
2022-11-08 06:50:39 +00:00
|
|
|
--- a/server/core.c
|
|
|
|
+++ b/server/core.c
|
|
|
|
@@ -65,7 +65,7 @@
|
|
|
|
|
|
|
|
/* LimitRequestBody handling */
|
|
|
|
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
|
|
|
|
-#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
|
|
|
|
+#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
|
|
|
|
|
|
|
|
/* LimitXMLRequestBody handling */
|
|
|
|
#define AP_LIMIT_UNSET ((long) -1)
|