Hi,
Vivek Pandey wrote:
> This bug was reported on glassfish gem. Seems to me like a bug. I guess
> grizzly should handle it. Should I open an issue on grizzly or glassfish
> grizzly component or is it a known bug?
I'm not sure it is a bug at all... I suspect Tomcat does the same, as it
looks like a DoS attack (from W3C):
> The server is refusing to service the request because the Request-URI is longer than the server is willing to interpret. This rare condition is only likely to occur when a client has improperly converted a POST request to a GET request with long query information, when the client has descended into a URI "black hole" of redirection (e.g., a redirected URI prefix that points to a suffix of itself), or when the server is under attack by a client attempting to exploit security holes present in some servers using fixed-length buffers for reading or manipulating the Request-URI.
I don't think we MUST return a 414.
File it as an RFE and we will try to integrate it in 1.9.9.
Thanks!
-- Jeanfrancois
>
> -vivek.
>
>
> -------- Original Message --------
> Subject: [ glassfishgem-Bugs-24491 ] Glassfish swallows >8KiB HTTP
> requests
> Date: Thu, 12 Mar 2009 12:09:29 -0400 (EDT)
> From: noreply_at_rubyforge.org
> Reply-To: issues_at_glassfish-scripting.dev.java.net
> To: noreply_at_rubyforge.org
>
>
>
> Bugs item #24491, was opened at 2009-03-12 17:09
> You can respond by visiting:
> http://rubyforge.org/tracker/?func=detail&atid=21080&aid=24491&group_id=5450
>
>
> Category: None
> Group: None
> Status: Open
> Resolution: None
> Priority: 3
> Submitted By: Xuân Baldauf (mediumnet)
> Assigned to: Nobody (None)
> Summary: Glassfish swallows >8KiB HTTP requests
>
> Initial Comment:
> Try to produce a simple HTTP request like
>
> GET /foo/bar/loooooooooooooooooooong HTTP/1.0
> Host: somehost
>
> where "loooooooooooooooooooong" has so many 'o' characters such that the
> whole request has a size >8192 bytes.
>
> Then, this HTTP request does not get answered, it gets silently ignored.
> The TCP connection is closed immediately. No log file entry is written.
> Note that this happens even if the setting
> "header-buffer-length-in-bytes" in domains/domain1/config/domain.xml is
> increased from 8192 to 65536 or so.
>
>
>
> What should happen is a "HTTP/1.1 414 Request Too Long" response and a
> log file entry. Additionally, the limit should be changeable.
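
The behaviour the report asks for, as an added Java example (not Grizzly or GlassFish code): the request line is read into a bounded, configurable buffer, and an over-limit line gets a 414 status and a log entry rather than a silent close. The class and method names, and applying the limit to the request line rather than to the whole header block, are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

public class RequestLineLimit {
    private static final Logger LOG = Logger.getLogger("http");

    /** Reads the request line into a bounded buffer and returns the status line to send. */
    static String handle(InputStream in, int maxRequestLineBytes) throws IOException {
        byte[] buf = new byte[maxRequestLineBytes];
        int n = 0, b;
        while ((b = in.read()) != -1 && b != '\n') {
            if (n == buf.length) {
                // Limit reached before the end of the line: answer and log
                // instead of closing the connection without a response.
                LOG.warning("request line exceeds " + maxRequestLineBytes + " bytes, sending 414");
                return "HTTP/1.1 414 Request-URI Too Long";
            }
            buf[n++] = (byte) b;
        }
        if (b == -1) {
            return "HTTP/1.1 400 Bad Request"; // stream ended before the line terminator
        }
        String line = new String(buf, 0, n, StandardCharsets.ISO_8859_1).trim();
        if (line.split(" ").length != 3) {
            return "HTTP/1.1 400 Bad Request"; // not "METHOD URI VERSION"
        }
        return "HTTP/1.1 200 OK";
    }

    static InputStream stream(String s) {
        return new ByteArrayInputStream(s.getBytes(StandardCharsets.ISO_8859_1));
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a request line longer than 8192 bytes, as in the report.
        String longPath = "/foo/bar/l" + "o".repeat(9000) + "ng";
        String big = "GET " + longPath + " HTTP/1.0\r\nHost: somehost\r\n\r\n";
        String small = "GET /foo/bar HTTP/1.0\r\nHost: somehost\r\n\r\n";
        System.out.println(handle(stream(big), 8192));   // over the default limit
        System.out.println(handle(stream(small), 8192)); // within the limit
        System.out.println(handle(stream(big), 65536));  // same request, limit raised
    }
}
```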