Eliminating POST Variables

------=_Part_6164_28799990.1144766405381
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I am running a virtual host in Apache 2.0.55 using mod_ssl + OpenSSL
0.9.8aon Win 2k3 Server. It seems to truncate POST requests that
exceed a few
kilobytes.

Here is the scenario: Apache uses a rewrite / proxy rule to forward
requests to Zope:
RewriteRule /(.*)
http://localhost:8080/VirtualHostBase/https/denproduction.fq dn:443/VirtualH=
ostRoot/$1
[P,L]<http://localhost:8080/VirtualHostBase/https/denproduction.fqdn:443/Vi=
rtualHostRoot/$1%5BP,L%5D>
When this rule is applied to the Virtual Host on the secure port 443, there
is a limit to the size of the request variables that it will forward to
Zope. When it is applied to the Apache globally and requests are done over
port 80, any size variables will be passed to Zope. The large requests are
XML files, so I tried unsetting the LimitXMLRequestBody directive.

Here is my virtual host configuration:

<VirtualHost *:443>

ServerName denproduction.fqdn:443
ServerAdmin wdyk [at] fqdn
TransferLog logs/access_log

LimitXMLRequestBody 0

SSLEngine on
ServerName denproduction.fqdn

DocumentRoot C:/Apache2/htdocs
ErrorLog logs/ssl_error_log

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL

SSLCertificateFile ssl/denproduction.cert
SSLCertificateKeyFile ssl/denproduction.key

SSLOptions +StdEnvVars +CompatEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# Rewrite Rules for Zope

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteLog C:/Apache2/logs/rewrite.log
RewriteLogLevel 0
# Default to route everything to Zope
# If the path starts with /local, then just server Apache's root
RewriteRule ^/test/ - [L]
RewriteRule /(.*)
http://localhost:8080/VirtualHostBase/https/denproduction.fq dn:443/VirtualH=
ostRoot/$1
[P,L]<http://localhost:8080/VirtualHostBase/https/denproduction.fqdn:443/Vi=
rtualHostRoot/$1%5BP,L%5D>
</IfModule>

</VirtualHost>

The problem has occurred when I make POST requests from the Python client
that I am writing, as well as when I am managing large python scripts
through the Zope management interface over SSL.

Any pointers are appreciated!

Wes Dyk, Production Systems Analyst
Noble Energy Production, Inc.

------=_Part_6164_28799990.1144766405381
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<font face=3D"sans-serif" size=3D"2">I am running a virtual host in Apache
2.0.55 using mod_ssl + OpenSSL 0.9.8a on Win 2k3 Server.  It seems
to truncate POST requests that exceed a few kilobytes.</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">Here is the scenario:  Apache=
uses
a rewrite / proxy rule to forward requests to Zope: </font>
<br><font face=3D"sans-serif" size=3D"2">        Rewrit=
eRule
/(.*) <a href=3D"http://localhost:8080/VirtualHostBase/https/denproduction.=
fqdn:443/VirtualHostRoot/$1%5BP,L%5D" target=3D"_blank" onclick=3D"return t=
op.js.OpenExtLink(window,event,this)">http://localhost:8080/ VirtualHostBase=
/https/denproduction.fqdn:443/VirtualHostRoot/$1
[P,L]</a></font>
<br><font face=3D"sans-serif" size=3D"2">When this rule is applied to the V=
irtual
Host on the secure port 443, there is a limit to the size of the request
variables that it will forward to Zope.  When it is applied to the
Apache globally and requests are done over port 80, any size variables
will be passed to Zope.  The large requests are XML
files, so I tried unsetting the LimitXMLRequestBody directive.  </font=
>
<br>
<br><font face=3D"sans-serif" size=3D"2">Here is my virtual host configurat=
ion:</font>
<br>
<br><font face=3D"sans-serif" size=3D"2"><VirtualHost *:443></font>
<br>
<br><font face=3D"sans-serif" size=3D"2">ServerName denproduction.fqdn:443<=
/font>
<br><font face=3D"sans-serif" size=3D"2">ServerAdmin wdyk [at] fqdn</font>
<br><font face=3D"sans-serif" size=3D"2">TransferLog logs/access_log</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">LimitXMLRequestBody 0</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">SSLEngine on</font>
<br><font face=3D"sans-serif" size=3D"2">ServerName denproduction.fqdn</fon=
t>
<br>
<br><font face=3D"sans-serif" size=3D"2">DocumentRoot C:/Apache2/htdocs</fo=
nt>
<br><font face=3D"sans-serif" size=3D"2">ErrorLog logs/ssl_error_log</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">SSLCipherSuite ALL:!ADH:!EXPORT56:=
RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">SSLCertificateFile ssl/denproducti=
on.cert</font>
<br><font face=3D"sans-serif" size=3D"2">SSLCertificateKeyFile ssl/denprodu=
ction.key</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">SSLOptions +StdEnvVars +CompatEnvV=
ars</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">SetEnvIf User-Agent ".*MSIE.*=
"
\</font>
<br><font face=3D"sans-serif" size=3D"2">         =
nokeepalive
ssl-unclean-shutdown \</font>
<br><font face=3D"sans-serif" size=3D"2">         =
downgrade-1.0
force-response-1.0</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">CustomLog logs/ssl_request_log \</=
font>
<br><font face=3D"sans-serif" size=3D"2">         =
"%t
%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"</font>
<br>
<br><font face=3D"sans-serif" size=3D"2"># Rewrite Rules for Zope</font>
<br>
<br><font face=3D"sans-serif" size=3D"2"><IfModule mod_rewrite.c></fo=
nt>
<br><font face=3D"sans-serif" size=3D"2">  RewriteEngine On</font>
<br><font face=3D"sans-serif" size=3D"2">  RewriteLog C:/Apache2/logs/=
rewrite.log</font>
<br><font face=3D"sans-serif" size=3D"2">  RewriteLogLevel 0</font>
<br><font face=3D"sans-serif" size=3D"2">  # Default to route everythi=
ng
to Zope</font>
<br><font face=3D"sans-serif" size=3D"2">  # If the path starts with /=
local,
then just server Apache's root</font>
<br><font face=3D"sans-serif" size=3D"2">  RewriteRule ^/test/ - [L]</=
font>
<br><font face=3D"sans-serif" size=3D"2">  RewriteRule /(.*) <a href=
=3D"http://localhost:8080/VirtualHostBase/https/denproductio n.fqdn:443/Virt=
ualHostRoot/$1%5BP,L%5D" target=3D"_blank" onclick=3D"return top.js.OpenExt=
Link(window,event,this)">
http://localhost:8080/VirtualHostBase/https/denproduction.fq dn:443/VirtualH=
ostRoot/$1
[P,L]</a></font>
<br><font face=3D"sans-serif" size=3D"2"></IfModule></font>
<br>
<br><font face=3D"sans-serif" size=3D"2"></VirtualHost></font>
<br>
<br><font face=3D"sans-serif" size=3D"2">The problem has occurred when I ma=
ke
POST requests from the Python client that I am writing, as well as when
I am managing large python scripts through the Zope management interface
over SSL.</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">Any pointers are appreciated!</fon=
t>
<br><font face=3D"sans-serif" size=3D"2"><br>
Wes Dyk, Production Systems Analyst<br>
Noble Energy Production, Inc.</font>

------=_Part_6164_28799990.1144766405381--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
aus129 [ Di, 11 April 2006 16:40 ] [ ID #1269661 ]
Webserver » gmane.comp.apache.mod-ssl.user » Eliminating POST Variables

Vorheriges Thema: A SSL scenario (involving multiple SSL-servers)
Nächstes Thema: Apache + mod_python + SSLVerifyClient == broken config / url application

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum