[Bug 63325] New: Default body_min_rate not enabled in mod_reqtimeout

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 63325] New: Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

            Bug ID: 63325
           Summary: Default body_min_rate not enabled in mod_reqtimeout
           Product: Apache httpd-2
           Version: 2.4.39
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_reqtimeout
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

The changes to mod_reqtimeout made in 2.4.39 (as per bug 61310) have no default
for the body_min_rate parameter, contrary to both the documentation and the
behaviour of <=2.4.38.

This means that if no explicit RequestReadTimeout statement is made in
httpd.conf, by default the server will return a 408 timeout after 20s even if
the client is actively sending data to the server (e.g. for a large file
upload). I found this bug when users reported they could no longer upload files
to our websites.

I have tested under a fresh install of both Linux (Ubuntu) and FreeBSD (11 and
12).

While some distributions such as ubuntu explicitly define RequestReadTimeout in
their default config, the documentation states the default is
body=20,minrate=500 (which was correct for <=2.4.38). This means 2.4.39 breaks
file uploads where the documented default is relied on, which is why I've
marked this bug as major.

WORKAROUND: Explicitly set the default:
RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
in httpd.conf and reload.

It looks like the changes made to mod_reqtimeout in 2.4.39 were fairly major in
order to incorporate the new "handshake" stage, so although I've tried, I'm
afraid I'm unable to see where the problem might lie. Sorry I can't be more
help diagnosing this.

Many thanks.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63325] Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

--- Comment #1 from Yann Ylavic <[hidden email]> ---
Thanks for the report.

Do you set RequestReadTimeout partly (e.g. body= but no ,MinRate=) or not at
all?

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63325] Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

--- Comment #2 from Oliver H <[hidden email]> ---
I would assume that defining a simple body=20 would automatically stop minrate
from working, so no: my report is based on when there are no RequestReadTimeout
declarations in any conf file (I grepped thoroughly to confirm).

Oliver

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63325] Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

--- Comment #3 from Yann Ylavic <[hidden email]> ---
Created attachment 36514
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36514&action=edit
Fix reqtimeout macros lowercase

The macros MRT_DEFAULT_*_MIN_RATE which contain the default value were
partially made lowercase for some magic, unfortunately the ones tested in
reqtimeout_hooks() were not renammed, hence the bug.

Could you please try with this patch?

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63325] Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

Yann Ylavic <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

--- Comment #4 from Yann Ylavic <[hidden email]> ---
Fixed in r1857129, will propose a backport to next 2.4.x.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63325] Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

--- Comment #5 from Oliver H <[hidden email]> ---
Huge thanks for the quick work, I can confirm the patch fixes the issue.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63325] Default body_min_rate not enabled in mod_reqtimeout

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63325

Yann Ylavic <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #6 from Yann Ylavic <[hidden email]> ---
*** Bug 63329 has been marked as a duplicate of this bug. ***

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]