Jeanfrancois Arcand wrote:
> Salut,
>
> Vivek Pandey wrote:
>> This bug was reported on glassfish gem. Seems to me like a bug. I
>> guess grizzly should handle it. Should I open an issue on grizzly or
>> glassfish grizzly component or is it a known bug?
>
> I'm not sure it is a bug at all...I suspect Tomcat does the same as it
> looks like a DoS attack (from w3c)
True, DoS will be when we really try to process the request. There must
be some code in grizzly that decides that this request should be trashed
or go ahead processing it. Instead of trashing the request, could we not
send 414 or at least log it so that sys admin will know what's going on?
>
>> The server is refusing to service the request because the Request-URI
>> is longer than the server is willing to interpret. This rare
>> condition is only likely to occur when a client has improperly
>> converted a POST request to a GET request with long query
>> information, when the client has descended into a URI "black hole" of
>> redirection (e.g., a redirected URI prefix that points to a suffix of
>> itself), or when the server is under attack by a client attempting to
>> exploit security holes present in some servers using fixed-length
>> buffers for reading or manipulating the Request-URI.
>
> I don't think we MUST return a 414.
>
Currently we go silent about it. At least a server log would be good.
> File it as a RFE and we will try to integrate in 1.9.9
>
Sure.
thanks,
-vivek.
> Thanks!
>
> -- Jeanfrancois
>
>
>>
>> -vivek.
>>
>>
>> -------- Original Message --------
>> Subject: [ glassfishgem-Bugs-24491 ] Glassfish swallows >8KiB
>> HTTP requests
>> Date: Thu, 12 Mar 2009 12:09:29 -0400 (EDT)
>> From: noreply_at_rubyforge.org
>> Reply-To: issues_at_glassfish-scripting.dev.java.net
>> To: noreply_at_rubyforge.org
>>
>>
>>
>> Bugs item #24491, was opened at 2009-03-12 17:09
>> You can respond by visiting:
>> http://rubyforge.org/tracker/?func=detail&atid=21080&aid=24491&group_id=5450
>>
>>
>> Category: None
>> Group: None
>> Status: Open
>> Resolution: None
>> Priority: 3
>> Submitted By: Xuân Baldauf (mediumnet)
>> Assigned to: Nobody (None)
>> Summary: Glassfish swallows >8KiB HTTP requests
>>
>> Initial Comment:
>> Try to produce a simple HTTP request like
>>
>> GET /foo/bar/loooooooooooooooooooong HTTP/1:0
>> Host: somehost
>>
>> where "loooooooooooooooooooong" has so many 'o' characters such that
>> the whole request has a size >8192 bytes.
>>
>> Then, this HTTP request does not get answered, it gets silently
>> ignored. The TCP connection is closed immediately. No log file entry
>> is written. Note that this happens even if the setting
>> "header-buffer-length-in-bytes" in domains/domain1/config/domain.xml
>> is increased from 8192 to 65536 or so.
>>
>> What should happen is a "HTTP/1.1 414 Request Too Long" response and
>> a log file entry. Additionally, the limit should be changeable.
>>
>
>
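
The behaviour requested in this thread (answer 414 and write a log entry instead of silently closing the connection), as an added illustration that is not Grizzly or GlassFish code. The class name, the `checkRequestLine` method, the logger name and the sample peer address are assumptions made for the example; the limit is a parameter, and `String.repeat` needs Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

public class RequestLineLimit {
    private static final Logger LOG = Logger.getLogger("http.limits"); // hypothetical logger name

    static final String TOO_LONG =
        "HTTP/1.1 414 Request-URI Too Long\r\nConnection: close\r\nContent-Length: 0\r\n\r\n";

    /**
     * Reads one request line with a hard byte limit.
     * Returns null when the line fits, otherwise the response to write before closing.
     */
    static String checkRequestLine(InputStream in, int maxBytes, String peer) throws IOException {
        int count = 0;
        int b;
        while ((b = in.read()) != -1) {
            if (b == '\n') {
                return null; // complete request line within the limit
            }
            if (++count > maxBytes) {
                // Log peer and limit only; never echo the oversized, untrusted URI into the log.
                LOG.warning("request line from " + peer + " exceeds " + maxBytes + " bytes, sending 414");
                return TOO_LONG;
            }
        }
        LOG.warning("connection from " + peer + " ended before the request line was complete");
        return "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\n\r\n";
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: the request from the bug report, padded past 8192 bytes.
        String longReq = "GET /foo/bar/l" + "o".repeat(9000) + "ng HTTP/1.0\r\nHost: somehost\r\n\r\n";
        String shortReq = "GET /foo/bar/long HTTP/1.0\r\nHost: somehost\r\n\r\n";
        for (String req : new String[] {shortReq, longReq}) {
            InputStream in = new ByteArrayInputStream(req.getBytes(StandardCharsets.US_ASCII));
            String reply = checkRequestLine(in, 8192, "192.0.2.10"); // documentation address
            System.out.println(reply == null ? "accepted" : reply.split("\r\n")[0]);
        }
    }
}
```

Reading stops as soon as the limit is crossed, so the server never buffers more than `maxBytes` of an oversized request line, and the administrator still gets a log entry for each rejected request.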