dev@grizzly.java.net

Re: [Fwd: [ glassfishgem-Bugs-24491 ] Glassfish swallows >8KiB HTTP requests]

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Thu, 12 Mar 2009 14:16:09 -0400

Salut.

Vivek Pandey wrote:
> Jeanfrancois Arcand wrote:
>> Salut,
>>
>> Vivek Pandey wrote:
>>> This bug was reported on glassfish gem. Seems to me like a bug. I
>>> guess grizzly should handle it. Should I open an issue on grizzly or
>>> glassfish grizzly component or is it a known bug?
>>
>> I'm not sure it is a bug at all...I suspect Tomcat does the same as it
>> looks like a DoS attack (from w3c)
> True, DoS will be when we really try to process the request. There must
> be some code in grizzly that decides that this request should be trashed
> or go ahead processing it. Instead of trashing the request, could we not
> send 414 or at least log it so that sys admin will know what's going on.

Ok that's something we can improve, but it may flood the log under a
DoS. But I agree with you and Jacok we must have something.



>
>>
>>> The server is refusing to service the request because the Request-URI
>>> is longer than the server is willing to interpret. This rare
>>> condition is only likely to occur when a client has improperly
>>> converted a POST request to a GET request with long query
>>> information, when the client has descended into a URI "black hole" of
>>> redirection (e.g., a redirected URI prefix that points to a suffix of
>>> itself), or when the server is under attack by a client attempting to
>>> exploit security holes present in some servers using fixed-length
>>> buffers for reading or manipulating the Request-URI.
>>
>> I don't think we MUST return a 414.
>>
> Currently we go silent about it. At least a server log would be good.
>> File it as a RFE and we will try to integrate in 1.9.9
>>
> Sure.
>
> thanks,

You're welcome!

--Jeanfrancois

>
> -vivek.
>> Thanks!
>>
>> -- Jeanfrancois
>>
>>
>>>
>>> -vivek.
>>>
>>>
>>> -------- Original Message --------
>>> Subject: [ glassfishgem-Bugs-24491 ] Glassfish swallows >8KiB
>>> HTTP requests
>>> Date: Thu, 12 Mar 2009 12:09:29 -0400 (EDT)
>>> From: noreply_at_rubyforge.org
>>> Reply-To: issues_at_glassfish-scripting.dev.java.net
>>> To: noreply_at_rubyforge.org
>>>
>>>
>>>
>>> Bugs item #24491, was opened at 2009-03-12 17:09
>>> You can respond by visiting:
>>> http://rubyforge.org/tracker/?func=detail&atid=21080&aid=24491&group_id=5450
>>>
>>>
>>> Category: None
>>> Group: None
>>> Status: Open
>>> Resolution: None
>>> Priority: 3
>>> Submitted By: Xuân Baldauf (mediumnet)
>>> Assigned to: Nobody (None)
>>> Summary: Glassfish swallows >8KiB HTTP requests
>>>
>>> Initial Comment:
>>> Try to produce a simple HTTP request like
>>>
>>> GET /foo/bar/loooooooooooooooooooong HTTP/1:0
>>> Host: somehost
>>>
>>> where "loooooooooooooooooooong" has so many 'o' characters such that
>>> the whole request has a size >8192 bytes.
>>>
>>> Then, this HTTP request does not get answered, it gets silently
>>> ignored. The TCP connection is closed immediately. No log file entry
>>> is written. Note that this happens even if the setting
>>> "header-buffer-length-in-bytes" in domains/domain1/config/domain.xml
>>> is increased from 8192 to 65536 or so.
>>>
>>> What should happen is a "HTTP/1.1 414 Request Too Long" response and
>>> a log file entry. Additionally, the limit should be changeable.
>>>
>>> ----------------------------------------------------------------------
>>>
>>> You can respond by visiting:
>>> http://rubyforge.org/tracker/?func=detail&atid=21080&aid=24491&group_id=5450
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> issues-unsubscribe_at_glassfish-scripting.dev.java.net
>>> For additional commands, e-mail:
>>> issues-help_at_glassfish-scripting.dev.java.net
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_grizzly.dev.java.net
>> For additional commands, e-mail: dev-help_at_grizzly.dev.java.net
>>
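The behaviour the thread converges on (reject an oversized request line with a 414 and write a log entry, while not letting a flood of such requests flood the log) can be shown in a small, self-contained check. The code below is an added example written for this archive page; it is not Grizzly or GlassFish code, and the names `check_request_head`, `RateLimitedLogger` and the 8192-byte default (taken from the bug report's buffer size) are assumptions of the example. It treats a request line longer than the buffer as a 414, a header block that exceeds the buffer without terminating as a 400 (a choice made here, not something the thread prescribes), and logs at most a handful of rejections per time window with a summary of how many were suppressed.

```python
"""Added example: request-head size check with a 414 response and
rate-limited logging. Not part of Grizzly/GlassFish; all names are
hypothetical."""
import logging
import time
from typing import Callable, Optional, Tuple

log = logging.getLogger("request-limits")

# Reason phrases from RFC 2616 for the two rejection codes used here.
REASON = {414: "Request-URI Too Long", 400: "Bad Request"}


def reject_response(status: int) -> bytes:
    """Minimal HTTP/1.1 error response; also tells the client we will close."""
    return (f"HTTP/1.1 {status} {REASON[status]}\r\n"
            "Connection: close\r\nContent-Length: 0\r\n\r\n").encode("ascii")


class RateLimitedLogger:
    """Writes at most `max_per_window` rejection entries per window, then
    counts the rest and emits one summary line when the window rolls over.
    This addresses the log-flooding concern raised in the thread."""

    def __init__(self, max_per_window: int = 5, window_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.clock = clock          # injectable for deterministic testing
        self.window_start = clock()
        self.emitted = 0
        self.suppressed = 0

    def record(self, message: str) -> bool:
        """Return True if the message was written, False if it was suppressed."""
        now = self.clock()
        if now - self.window_start >= self.window_seconds:
            if self.suppressed:
                log.warning("suppressed %d further oversized-request rejections",
                            self.suppressed)
            self.window_start, self.emitted, self.suppressed = now, 0, 0
        if self.emitted < self.max_per_window:
            self.emitted += 1
            log.warning(message)
            return True
        self.suppressed += 1
        return False


_DEFAULT_LIMITER = RateLimitedLogger()


def check_request_head(raw: bytes, max_head_bytes: int = 8192,
                       limiter: Optional[RateLimitedLogger] = None,
                       peer: str = "unknown") -> Tuple[int, bytes]:
    """Inspect the bytes read so far for one request and return
    (status, response_bytes):
       0  -> head is complete and within the limit, continue parsing
      -1  -> head is incomplete but still within the limit, read more
     414  -> request line alone exceeds the limit (the bug report's case)
     400  -> header block exceeded the limit without terminating
    Every rejection produces a (rate-limited) log entry instead of a
    silent close."""
    limiter = limiter or _DEFAULT_LIMITER
    line_end = raw.find(b"\r\n")
    request_line_len = len(raw) if line_end < 0 else line_end
    if request_line_len > max_head_bytes:
        limiter.record(f"{peer}: request line of {request_line_len} bytes "
                       f"exceeds limit {max_head_bytes}, returning 414")
        return 414, reject_response(414)
    head_end = raw.find(b"\r\n\r\n")
    if head_end < 0:
        if len(raw) >= max_head_bytes:
            limiter.record(f"{peer}: {len(raw)} header bytes without end of "
                           f"head, limit {max_head_bytes}, returning 400")
            return 400, reject_response(400)
        return -1, b""
    if head_end + 4 > max_head_bytes:
        limiter.record(f"{peer}: header block of {head_end + 4} bytes exceeds "
                       f"limit {max_head_bytes}, returning 400")
        return 400, reject_response(400)
    return 0, b""


if __name__ == "__main__":
    # Constructed request modelled on the bug report: a request line that
    # pushes the head past 8192 bytes.
    long_request = (b"GET /foo/bar/" + b"o" * 8200 +
                    b" HTTP/1.0\r\nHost: somehost\r\n\r\n")
    status, response = check_request_head(long_request, peer="127.0.0.1")
    print(status, response.split(b"\r\n")[0])
```

The check is meant to run on the bytes accumulated in the read buffer before any header parsing starts, which is the point at which the thread says the request is currently "trashed". The clock is injectable so the suppression logic can be tested without sleeping.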