LimitRequestBody 0 - modssl

This is a discussion on LimitRequestBody 0 - modssl ; This sounds a lot like https://issues.apache.org/bugzilla/s...g.cgi?id=42625 https://issues.apache.org/bugzilla/s...g.cgi?id=12355 But I think it is different. I'm using certificates for authentication to all of my pages: # applied to _all_ URLs SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 5 SSLCACertificateFile /root/openssl/doberman-ca.crt SSLOptions +FakeBasicAuth SSLRequire %{SSL_CLIENT_S_DN_O} eq ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: LimitRequestBody 0

  1. LimitRequestBody 0

    This sounds a lot like
    https://issues.apache.org/bugzilla/s...g.cgi?id=42625
    https://issues.apache.org/bugzilla/s...g.cgi?id=12355

    But I think it is different. I'm using certificates for authentication
    to all of my pages:


    # applied to _all_ URLs
    SSLRequireSSL

    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLCACertificateFile /root/openssl/doberman-ca.crt
    SSLOptions +FakeBasicAuth
    SSLRequire %{SSL_CLIENT_S_DN_O} eq "mcprogramming.com" and \
    %{SSL_CLIENT_S_DN_OU} in {"doberman", "localhost"}


    When I try to upload an image to my wiki (MoinMoin, 1.70rc2) I get
    a 413:
    Request Entity Too Large
    The requested resource
    /m17test/MyStartingPage
    does not allow request data with POST requests, or the amount of data
    provided in the request exceeds the capacity limit.
    Apache/2.2.8 (Debian) mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/2.0
    Python/2.5.2 Server at localhost Port 443

    I can add
    LimitRequestBody 2147483647
    to conf and things work splendidly, but if I use
    LimitRequestBody 0
    (which should allow unlimited upload sizes), I'm back to the error
    messages above.

    Any thoughts? All the version info is in the error message, this is on
    a debian testing system.

    TIA
    --
    Keith Hellman #include
    khellman@mcprogramming.com from disclaimer import standard
    khellman@mines.edu
    -*-
    public key @ pgp.mit.edu 9FCF40FD
    Y!M: mcprogramming AIM/ICQ: 485403897
    gtalk: jabber@mcprogramming.com
    -*-

    "The First Python function ever written (takes place in the Garden of Eden)"

    Guido sayeth "I will write def foo():"
    "Hmm, I could use an import, or two",
    Satan said, in a whirl, "Why not write it in Perl?",
    and the second function ever written - def foo_you():

    -- Python Limmerick Contest submission by cappy2112
    http://groups-beta.google.com/group/...780beaff2e88a/

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFISBiceAsFcZ/PQP0RAoXDAKCppHaksWfZ960Qpe0JPXxadjIbrgCfbsWD
    uNGEMYg63ivMGcu5APQe0DQ=
    =YZSv
    -----END PGP SIGNATURE-----


  2. Re: LimitRequestBody 0

    Oh yeah, I forgot to mention: everything works AOK if I try using http
    instead (hence, I'm posting on the modssl list).
    --
    Keith Hellman #include
    khellman@mcprogramming.com from disclaimer import standard
    khellman@mines.edu
    -*-
    public key @ pgp.mit.edu 9FCF40FD
    Y!M: mcprogramming AIM/ICQ: 485403897
    gtalk: jabber@mcprogramming.com
    -*-

    "We will perhaps eventually be writing only small modules which are identified
    by name as they are used to build larger ones, so that devices like
    indentation, rather than delimiters, might become feasible for expressing local
    structure in the source language."

    -- Donald E. Knuth, "Structured Programming with goto Statements", Computing
    Surveys, Vol 6 No 4, Dec. 1974

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFISBzweAsFcZ/PQP0RAjPnAJ96frSoUxSBD+75UTJGXEmzXhjB/wCgsfnS
    X/gWaif8SgCIRCZxuFGXZsw=
    =/1N6
    -----END PGP SIGNATURE-----


  3. Re: LimitRequestBody 0

    On Thu, Jun 05, 2008 at 10:47:25AM -0600, Keith Hellman wrote:
    > This sounds a lot like
    > https://issues.apache.org/bugzilla/s...g.cgi?id=42625
    > https://issues.apache.org/bugzilla/s...g.cgi?id=12355
    >
    > But I think it is different. I'm using certificates for authentication
    > to all of my pages:
    >
    >
    > # applied to _all_ URLs
    > SSLRequireSSL
    >
    > SSLVerifyClient require


    You should put all this inside the VirtualHost config for the SSL
    vhost(s) in question. That way you avoid having to do a per-location
    renegotiation and the request body buffering which is necessary in that
    case.

    joe
    __________________________________________________ ____________________
    Apache Interface to OpenSSL (mod_ssl) www.modssl.org
    User Support Mailing List modssl-users@modssl.org
    Automated List Manager majordomo@modssl.org


+ Reply to Thread