httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <...@apache.org>
Subject Re: How to read data in a request handler and then return DECLINED without consuming the data in the bucket brigade?
Date Mon, 04 Jun 2018 18:12:32 GMT
On Mon, 4 Jun 2018 10:23:59 -0700
Paul Callahan <paul@tcell.io> wrote:

> Thank you for your replies.
> 
> I did try with input filters.  The reason I'm trying to do this in a
> handler is because I want to return 403 to the browser if the request
> body has something unsavory in it.   With reverse proxied requests,
> it appears the input filter fires too late and if I try to send a
> bucket with 403 in it, it is ignored and a 400 goes back to the
> browser.   In the debugger, I see the fixup call back being hit
> before my input filter.   If I could get the input filter to trip
> sooner without consuming the request, I could go with that.  If I
> call ap_get_brigade() in an earlier handler to trip the input filter,
> it appears the request body is consumed.

OK, that's actually quite a complex task, especially if
you need to deal with larger requests.

It is, however, as task that's been done in open source
code you can look at, or perhaps use instead of reinventing
their wheel.  Either Ironbee or mod_security will scan a
request body for you.

> btw, Nick I bought your book - it was a great help :)

Thanks :)

-- 
Nick Kew

Mime
View raw message