httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: [users@httpd] Determining incoming request size
Date Wed, 24 Aug 2005 04:54:57 GMT
Nick Kew wrote:
> Tony VanScoy wrote:
>> Is it possible to get the size of an incoming request? If so, how
>> reliable is it? I was thinking of using Content-Length, but I thought
>> I read somewhere that it's up to the browser to set that value.
> Indeed it is.  You then read Content-Length bytes.  If there are more
> bytes on the line, they're just line noise.
> Of course, if you run HTTP/1.1 you may not get a Content-length header.
> Apache will dechunk it for you, but you won't know the size in advance.

Understand, however, that it's not ambigious

If Transfer-Encoding is present, it's not controlled by Content-Length,
and the Content-Length would be injected in most spoofing attacks, so
it must be ignored.

As Nick says, the most common (and only recognized) Transfer-Encoding
is 'chunked'.  At that point, you simply read to EOF and as he pointed
out, it will be the correct length.  This is preferred these days, as
only the final consumer should be interested in an absolute length.

If Transfer-Encoding is absent, and Content-Length is present, Apache
will send you the body --- however the length will vary if an input
filter has modified the length.  Again, Apache sends you all the bytes
you need, so you should always read to EOF.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message