diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 24f40685b8..b6c146d21c 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -2855,17 +2855,17 @@ LimitInternalRecursion 5 Restricts the total size of the HTTP request body sent from the client LimitRequestBody bytes -LimitRequestBody 0 +LimitRequestBody 1073741824 server configvirtual host directory.htaccess All +In Apache HTTP Server 2.4.53 and earlier, the default value +was 0 (unlimited) -

This directive specifies the number of bytes from 0 - (meaning unlimited) to 2147483647 (2GB) that are allowed in a - request body. See the note below for the limited applicability - to proxy requests.

+

This directive specifies the number of bytes + that are allowed in a request body. A value of 0 means unlimited.

The LimitRequestBody directive allows the user to set a limit on the allowed size of an HTTP request @@ -2893,10 +2893,6 @@ from the client LimitRequestBody 102400 -

For a full description of how this directive is interpreted by - proxy requests, see the mod_proxy documentation.

- - diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml index eecbfbe6df..a440f99ccc 100644 --- a/docs/manual/mod/mod_proxy.xml +++ b/docs/manual/mod/mod_proxy.xml @@ -445,9 +445,6 @@ ProxyPass "/apps" "http://127" Content-Length header, but the server is configured to filter incoming request bodies.

-

LimitRequestBody only applies to - request bodies that the server will spool to disk

-
Reverse Proxy Request Headers diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index 1cd4ad51d5..06ab85da4f 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -1505,6 +1505,7 @@ cleanup: AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy) { const char *lenp = apr_table_get(r->headers_in, "Content-Length"); + apr_off_t limit_req_body = ap_get_limit_req_body(r); r->read_body = read_policy; r->read_chunked = 0; @@ -1538,6 +1539,11 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy) return HTTP_REQUEST_ENTITY_TOO_LARGE; } + if (limit_req_body > 0 && (r->remaining > limit_req_body)) { + /* will be logged when the body is discarded */ + return HTTP_REQUEST_ENTITY_TOO_LARGE; + } + #ifdef AP_DEBUG { /* Make sure ap_getline() didn't leave any droppings. */ diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index cf6c0adaf1..434e37c9d4 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -4292,13 +4292,10 @@ PROXY_DECLARE(int) ap_proxy_spool_input(request_rec *r, apr_bucket *e; apr_off_t bytes, fsize = 0; apr_file_t *tmpfile = NULL; - apr_off_t limit; *bytes_spooled = 0; body_brigade = apr_brigade_create(p, bucket_alloc); - limit = ap_get_limit_req_body(r); - do { if (APR_BRIGADE_EMPTY(input_brigade)) { rv = ap_proxy_read_input(r, backend, input_brigade, @@ -4316,17 +4313,6 @@ PROXY_DECLARE(int) ap_proxy_spool_input(request_rec *r, apr_brigade_length(input_brigade, 1, &bytes); if (*bytes_spooled + bytes > max_mem_spool) { - /* - * LimitRequestBody does not affect Proxy requests (Should it?). - * Let it take effect if we decide to store the body in a - * temporary file on disk. - */ - if (limit && (*bytes_spooled + bytes > limit)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01088) - "Request body is larger than the configured " - "limit of %" APR_OFF_T_FMT, limit); - return HTTP_REQUEST_ENTITY_TOO_LARGE; - } /* can't spool any more in memory; write latest brigade to disk */ if (tmpfile == NULL) { const char *temp_dir; diff --git a/server/core.c b/server/core.c index e3953f231a..5653b4db3e 100644 --- a/server/core.c +++ b/server/core.c @@ -68,7 +68,7 @@ /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) -#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ /* LimitXMLRequestBody handling */ #define AP_LIMIT_UNSET ((long) -1)