httpd option max body size is ignored for subdomain

httpd option max body size is ignored for subdomain

Chris Narkiewicz
Hi,

I'm trying to configure Nextcloud on a subdomain. My config has 2
vhosts and connection max request body is not respected for my subdomain.

default vhost:

server "default" {
    listen on * port 80

    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }

    location * {
        block return 404
    }
}

server "default_tls" {
    listen on * tls port 443
    tls certificate ...
    tls key ...

    # I must place max request body here, but why?
    # connection max request body 536870912

    location * {
        block return 403
    }
}


nextcloud vhost:

server "nextcloud.mydomain.com" {
    listen on * tls port 443
    ...
    # this is ignored! It takes setting from "default_tls"!
    connection max request body 536870912
}

server "nextcloud.mydomain.com" {
    listen on * port 80;
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }

    block return 301 "https://nextcloud.mydomain.com$REQUEST_URI"
}


When I try to PUT a file to nextcloud.mydomain.com, my access.log tells me
that this request is handled by default_tls:

default_tls xx.xx.xx.xx - - [03/Feb/2019:14:38:35 +0000] "PUT /remote.php/webdav/bigger-file.png HTTP/1.1" 413 0

For smaller files with body <1024k (default body limit) it works ok:

nextcloud.mydomain.com xx.xx.xx.xx - - [03/Feb/2019:14:39:51 +0000] "PUT /remote.php/webdav/smaller-file.png HTTP/1.1" 201 0

Why is httpd not respecting subdomain config?


Re: httpd option max body size is ignored for subdomain

Florian Obser-2
On Sun, Feb 03, 2019 at 03:43:20PM +0000, Chris Narkiewicz wrote:
> Hi,
>
> I'm trying to configure Nextcloud on a subdomain. My config has 2
> vhosts and connection max request body is not respected for my subdomain.

This has been fixed in current. Wild guess, you are on 6.4?

This diff should apply cleanly to stable sources:

Index: server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -p -r1.127 -r1.128
--- server_http.c 4 Nov 2018 05:56:45 -0000 1.127
+++ server_http.c 4 Dec 2018 18:12:08 -0000 1.128
@@ -198,7 +198,6 @@ void
 server_read_http(struct bufferevent *bev, void *arg)
 {
  struct client *clt = arg;
- struct server_config *srv_conf = clt->clt_srv_conf;
  struct http_descriptor *desc = clt->clt_descreq;
  struct evbuffer *src = EVBUFFER_INPUT(bev);
  char *line = NULL, *key, *value;
@@ -357,11 +356,6 @@ server_read_http(struct bufferevent *bev
  server_abort_http(clt, 500, errstr);
  goto abort;
  }
- if ((size_t)clt->clt_toread >
-    srv_conf->maxrequestbody) {
- server_abort_http(clt, 413, NULL);
- goto abort;
- }
  }
 
  if (strcasecmp("Transfer-Encoding", key) == 0 &&
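Review bot: With the Content-Length branch no longer comparing clt_toread against maxrequestbody, nothing left in server_read_http bounds the declared body size, so enforcement now rests entirely on the check added in server_response. Please say in a comment or the commit message that the move is deliberate (the srv_conf used here came from clt->clt_srv_conf at function entry, before any location lookup), and confirm that no path begins consuming the request body before server_response has run.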
@@ -1332,6 +1326,12 @@ server_response(struct httpd *httpd, str
 
  /* Now search for the updated location */
  srv_conf = server_getlocation(clt, desc->http_path);
+ }
+
+ if (clt->clt_toread > 0 && (size_t)clt->clt_toread >
+    srv_conf->maxrequestbody) {
+ server_abort_http(clt, 413, NULL);
+ return (-1);
  }
 
  if (srv_conf->flags & SRVFLAG_BLOCK) {
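Review bot: The added test in server_response is guarded by clt->clt_toread > 0, so a request that carries no positive Content-Length, such as the Transfer-Encoding case visible in server_read_http, is not bounded by maxrequestbody at this point; a comment should state where that case is limited. A one-line comment that the test has to stay after the server_getlocation() block, so that it reads the limit of the configuration that actually matched, would also keep it from being moved back into header parsing later.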


--
I'm not entirely sure you are real.
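
The ordering problem discussed in this thread, as a simplified stand-alone model added here (not httpd's source and not code from any poster): the body limit is tested either while Content-Length is read, against the configuration the connection started with, or after the Host header has selected the server. The `vhosts` table, `ieq` and `request_status` are hypothetical names; the limits are the 1024k default and the 536870912 value from the posted config, and header lines are assumed to end in "\n".

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

struct vhost { const char *name; size_t maxrequestbody; };

/* Constructed table; entry 0 is the config every new connection starts with. */
static const struct vhost vhosts[] = {
	{ "default_tls", 1048576 },		/* the 1024k default */
	{ "nextcloud.mydomain.com", 536870912 },
};

/* Case-insensitive match of the n bytes at s against key. */
static int ieq(const char *s, size_t n, const char *key)
{
	if (strlen(key) != n)
		return 0;
	while (n-- > 0)
		if (tolower((unsigned char)s[n]) != tolower((unsigned char)key[n]))
			return 0;
	return 1;
}

/* Return the status for one request's "Key: value\n" header lines.
 * late == 0: test Content-Length as it is read, against entry 0 (old order).
 * late == 1: test it after Host has selected the vhost (order after the fix). */
int request_status(const char *hdrs, int late)
{
	const struct vhost *conf = &vhosts[0];
	long long toread = 0;
	for (const char *p = hdrs, *nl; (nl = strchr(p, '\n')) != NULL; p = nl + 1) {
		const char *sep = memchr(p, ':', (size_t)(nl - p));
		if (sep == NULL)
			continue;
		const char *val = sep + 1 + strspn(sep + 1, " ");
		if (ieq(p, (size_t)(sep - p), "Content-Length")) {
			toread = strtoll(val, NULL, 10);
			if (!late && toread > 0 && (size_t)toread > vhosts[0].maxrequestbody)
				return 413;	/* rejected before the vhost is known */
		} else if (ieq(p, (size_t)(sep - p), "Host")) {
			for (size_t i = 0; i < sizeof(vhosts) / sizeof(vhosts[0]); i++)
				if (ieq(val, (size_t)(nl - val), vhosts[i].name))
					conf = &vhosts[i];
		}
	}
	if (late && toread > 0 && (size_t)toread > conf->maxrequestbody)
		return 413;
	return 200;
}
```

Calling `request_status` with a 2 MiB Content-Length for nextcloud.mydomain.com returns 413 in the old order and 200 in the fixed order, regardless of which header comes first.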

Re: httpd option max body size is ignored for subdomain

Robert Paschedag
In reply to this post by Chris Narkiewicz
On 3 February 2019 16:43:20 CET, Chris Narkiewicz <[hidden email]> wrote:

>Hi,
>
>I'm trying to configure Nextcloud on a subdomain. My config has 2
>vhosts and connection max request body is not respected for my
>subdomain.
>
>default vhost:
>
>server "default" {
>    listen on * port 80
>
>    location "/.well-known/acme-challenge/*" {
>        root "/acme"
>        request strip 2
>    }
>
>    location * {
>        block return 404
>    }
>}
>
>server "default_tls" {
>    listen on * tls port 443
>    tls certificate ...
>    tls key ...
>
>    # I must place max request body here, but why?
>    # connection max request body 536870912
>
>    location * {
>        block return 403
>    }
>}
>
>
>nextcloud vhost:
>
>server "nextcloud.mydomain.com" {
>    listen on * tls port 443
>    ...
>    # this is ignored! It takes setting from "default_tls"!
>    connection max request body 536870912
>}
>
>server "nextcloud.mydomain.com" {
>    listen on * port 80;
>    location "/.well-known/acme-challenge/*" {
>        root "/acme"
>        request strip 2
>    }
>
>    block return 301 "https://nextcloud.mydomain.com$REQUEST_URI"
>}
>
>
>When I try to PUT a file to nextcloud.mydomain.com, my access.log tells me
>that this request is handled by default_tls:
>
>default_tls xx.xx.xx.xx - - [03/Feb/2019:14:38:35 +0000] "PUT /remote.php/webdav/bigger-file.png HTTP/1.1" 413 0
>
>For smaller files with body <1024k (default body limit) it works ok:
>
>nextcloud.mydomain.com xx.xx.xx.xx - - [03/Feb/2019:14:39:51 +0000] "PUT /remote.php/webdav/smaller-file.png HTTP/1.1" 201 0
>
>Why is httpd not respecting subdomain config?

I think it's because all your servers are listening on all IP addresses for TLS and httpd cannot determine the "hostname" of the server you're requesting.
So it takes the *first*... The default. Define an IP to listen for nextcloud.... and it should work.

Robert

--
sent from my mobile device