Bugs: Browse | Submit New | Admin

[#24491] Glassfish swallows >8KiB HTTP requests

Date:
2009-03-12 16:09
Priority:
3
Submitted By:
Xuân Baldauf (mediumnet)
Assigned To:
Nobody (None)
Category:
None
State:
Open
Target Release:
 
Summary:
Glassfish swallows >8KiB HTTP requests

Detailed description
Try to produce a simple HTTP request like

GET /foo/bar/loooooooooooooooooooong HTTP/1:0
Host: somehost


where "loooooooooooooooooooong" has so many 'o' characters such that the whole request has a size >8192
bytes.


Then, this HTTP request does not get answered, it gets silently ignored. The TCP connection is closed immediately. No
log file entry is written. Note that this happens even if the setting "header-buffer-length-in-bytes"
in domains/domain1/config/domain.xml is increased from 8192 to 65536 or so.

What should happen is a "HTTP/1.1 414 Request Too Long" response and a log file entry. Additionally, the limit
should be changeable.

Add A Comment: Notepad

Please login


Followup

Message
Date: 2009-03-16 04:56
Sender: Vivek Pandey

GlassFish uses grizzly for HTTP layer. Since it could be a DOS
attack and server would like to be fairly conservative about it.

The resolution for this is to log a message in the server log
and there would not be a 414 returned. This issue is being worked
in grizzly. See https://grizzly.dev.java.net/issues/show_bug.cgi?
id=487. If you have any comment please take the discussion there.

Attached Files:

Name Description Download
No Files Currently Attached

Changes:

Field Old Value Date By
resolution_idNone2009-03-16 04:56vivekp