From: Daniel F. <fly...@go...> - 2010-02-22 18:56:10
|
I have a problem with the file upload. I use PHP as a CGI module, and the ini options allow more. If the upload takes too long, the connection times out. Here is a little trace log. Where is the problem? The php.ini is configured to allow bigger and longer uploads.

*** CLI -> SRV ***
POST /admin/musik/mp3add.php HTTP/1.1
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: 96.45.189.224
Referer: http://96.45.189.224/admin/musik/mp3add.php
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2pre) Gecko/20100221 Ubuntu/9.10 (karmic) Namoroka/3.6.2pre GTB6
Cookie: PHPSESSID=gjbqu1Mh2NCNj-lSt3CG12
Keep-Alive: 115
Content-Length: 5285059
Content-Type: multipart/form-data; boundary=---------------------------1181808344800154307784182983
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: de,en-us;q=0.7,en;q=0.3
*** CLI -> SRV ***
timeout
*** CLI -> SRV ***
New (nossl) connection from 85.179.12.11:59433
*** CLI -> SRV ***
POST /admin/musik/mp3add.php HTTP/1.1
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: 96.45.189.224
Referer: http://96.45.189.224/admin/musik/mp3add.php
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2pre) Gecko/20100221 Ubuntu/9.10 (karmic) Namoroka/3.6.2pre GTB6
Cookie: PHPSESSID=gjbqu1Mh2NCNj-lSt3CG12
Keep-Alive: 115
Content-Length: 5285059
Content-Type: multipart/form-data; boundary=---------------------------1181808344800154307784182983
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: de,en-us;q=0.7,en;q=0.3
*** CLI -> SRV ***
timeout |
From: Daniel F. <fly...@go...> - 2010-03-01 15:01:07
|
After some research I found out that longer uploads have not been possible for several versions, after a change to avoid DoS attacks with the file upload. Is there anything planned to fix this, so that longer uploads are also possible? Or could someone show me the place where this change was made, so I can see if I could make a fix myself? |
From: Claes W. <kl...@ta...> - 2010-03-01 21:04:48
|
Daniel Fahlke wrote:
> After some research I found out that longer uploads have not been possible
> for several versions, after a change to avoid DoS attacks with the
> file upload.

Which research? I don't recall this. Please remind me.

/klacke |
From: Daniel F. <fly...@go...> - 2010-03-01 21:37:16
|
*search through the logs of the last days*

First, this bugfix. It was in the news (Sat Dec 11 2004 Version 1.50 released):

"Form post parameter was still always managed as atoms. This is a backwards incompatible change. It broke the wiki as well as the upload example in the Yaws docs. However, the change is sound since it was easy to DOS a yaws server by sending file upload posts with new atoms. Eventually the atom table would overflow. However it does break code !!! (mikl)"

I couldn't find the place that directed me to this bugfix now, but here is a report of this bug from 2006: http://osdir.com/ml/web.server.yaws.general/2006-07/msg00035.html |
From: Claes W. <kl...@ta...> - 2010-03-02 08:37:37
|
Daniel Fahlke wrote:
> *search through the logs of the last days*
>
> First, this bugfix.
> It was in the news (Sat Dec 11 2004 Version 1.50 released):
>
> "Form post parameter was still always managed as atoms. This is a
> backwards incompatible change. It broke the wiki as well as the upload
> example in the Yaws docs. However, the change is sound since it was easy
> to DOS a yaws server by sending file upload posts with new atoms.
> Eventually the atom table would overflow. However it does break code !!!

Ok, looong ago.

That fix didn't have anything to do whatsoever with the size of the uploaded file. The problem was that the POST parse code did list_to_atom/1 while parsing. This meant that a malicious user could POST a long series of wacko POST requests where each POST request potentially created a set of new, e.g. random, atoms - that way filling up the erl atom table, which is of fixed size - thus eventually making erl die.

/klacke |
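The atom-table problem described in the message above, as an added Erlang example that is not part of the original thread and is not Yaws source code. The module name, function names and sample request bodies are hypothetical and constructed for illustration; `erlang:system_info(atom_count)` and `atom_limit` assume OTP 20 or later.

```erlang
%% Added example, not Yaws code: module and function names are hypothetical.
-module(atom_table_demo).
-export([parse_unsafe/1, parse_strings/1, parse_known/2, atom_growth/2, demo/0]).

%% Split an urlencoded body "k1=v1&k2=v2" into {KeyString, ValueString} pairs.
%% Percent-decoding is left out to keep the focus on how keys are represented.
pairs(Body) ->
    [case string:split(Field, "=") of
         [K, V] -> {K, V};
         [K]    -> {K, ""}
     end || Field <- string:lexemes(Body, "&")].

%% BEFORE: every distinct key a client sends becomes a new atom, and atoms
%% are never garbage collected.
parse_unsafe(Body) ->
    [{list_to_atom(K), V} || {K, V} <- pairs(Body)].

%% AFTER (a): keep keys as strings, which are ordinary collectable terms.
parse_strings(Body) ->
    pairs(Body).

%% AFTER (b): accept only keys the application declared; list_to_existing_atom/1
%% raises badarg for unknown names instead of creating them.
parse_known(Body, Allowed) ->
    lists:filtermap(
      fun({K, V}) ->
              try list_to_existing_atom(K) of
                  A -> case lists:member(A, Allowed) of
                           true  -> {true, {A, V}};
                           false -> false
                       end
              catch error:badarg -> false
              end
      end, pairs(Body)).

%% Atoms added to the VM-wide table by running Parser over N constructed
%% bodies, each carrying one key that has not been seen before.
atom_growth(Parser, N) ->
    Tag = integer_to_list(erlang:unique_integer([positive])),
    Before = erlang:system_info(atom_count),
    lists:foreach(
      fun(I) ->
              Parser("field_" ++ Tag ++ "_" ++ integer_to_list(I) ++ "=x&name=y")
      end, lists:seq(1, N)),
    erlang:system_info(atom_count) - Before.

%% Compare the three parsers on the same constructed traffic.
demo() ->
    Allowed = [name, file],
    io:format("atom limit: ~p~n", [erlang:system_info(atom_limit)]),
    io:format("list_to_atom:          +~p atoms~n",
              [atom_growth(fun parse_unsafe/1, 1000)]),
    io:format("string keys:           +~p atoms~n",
              [atom_growth(fun parse_strings/1, 1000)]),
    io:format("list_to_existing_atom: +~p atoms~n",
              [atom_growth(fun(B) -> parse_known(B, Allowed) end, 1000)]).
```

Compile with `erlc atom_table_demo.erl` and call `atom_table_demo:demo().` in an `erl` shell; only the `list_to_atom/1` parser grows the atom count in step with the number of previously unseen keys.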
From: Daniel F. <fly...@go...> - 2010-03-02 08:55:44
|
2010/3/2 Claes Wikström <kl...@ta...>
> Daniel Fahlke wrote:
>
>> *search through the logs of the last days*
>>
>> First, this bugfix.
>> It was in the news (Sat Dec 11 2004 Version 1.50 released):
>>
>> "Form post parameter was still always managed as atoms. This is a
>> backwards incompatible change. It broke the wiki as well as the upload
>> example in the Yaws docs. However, the change is sound since it was easy to
>> DOS a yaws server by sending file upload posts with new atoms. Eventually
>> the atom table would overflow. However it does break code !!!
>
> Ok, looong ago.
>
> That fix didn't have anything to do whatsoever with the size of the
> uploaded file. The problem was that the POST parse code did list_to_atom/1
> while parsing. This meant that a malicious user could POST a long series
> of wacko POST requests where each POST request potentially created
> a set of new, e.g. random, atoms - that way filling up the erl atom table,
> which is of fixed size - thus eventually making erl die.
>
> /klacke

Then I was wrong, but why and since when does the upload not allow bigger (or only longer?) uploads? And where is the cause of that? I would help with that if I knew where to search =( |
From: Michal Z. <zaj...@gm...> - 2010-03-02 09:51:09
|
I use yaws to upload large files (up to 2 gb) and it works fine (1.6x -> 1.80 versions), so I guess the server is not the issue. It also behaves well on low-bandwidth networks where upload time is quite long.

Make sure that in a multipart request you do not try to send more than 2 gb. All browsers silently crash in this case. Here is an example issue report for Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=383446 |
From: Daniel F. <fly...@go...> - 2010-03-02 11:17:27
|
2010/3/2 Michal Zajda <zaj...@gm...>
> I use yaws to upload large files (up to 2 gb) and it works fine (1.6x ->
> 1.80 versions), so I guess the server is not the issue. It also behaves well on
> low-bandwidth networks where upload time is quite long.
>
> Make sure that in a multipart request you do not try to send more than 2 gb. All
> browsers silently crash in this case. Here is an example issue report for
> Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=383446

Was that on a local machine?

For example, at http://yaws.hyber.org/upload0.yaws I tried a 4,9 MB file and got "The connection was reset" after some time. I use Yaws version 1.87.

After some tries, the biggest file I could upload was 3,1 MB. |
From: Michal Z. <zaj...@gm...> - 2010-03-02 11:44:04
|
> Was that on a local machine?

Tested on local and remote machines.

> For example, at http://yaws.hyber.org/upload0.yaws
> I tried a 4,9 MB file and got "The connection was reset" after some
> time.
> I use Yaws version 1.87.
>
> After some tries, the biggest file I could upload was 3,1 MB.

Well, the limit of 3.~ MB may be set to avoid DoS. So use only your own environment to test uploads. |
From: Claes W. <kl...@ta...> - 2010-03-02 11:47:18
|
Daniel Fahlke wrote:
> For example, at http://yaws.hyber.org/upload0.yaws
> I tried a 4,9 MB file and got "The connection was reset" after some
> time.
> I use Yaws version 1.87.
>
> After some tries, the biggest file I could upload was 3,1 MB.

Well, now that is a bug report I can relate to; I can reproduce it. I'll have a look at it ASAP.

My first look at the code triggered a giggle though: the Yaws upload test code actually stores all files in

-define(DIR, "/tmp/YawsTestUploads/").

So, I see:

# ls -lat /tmp/YawsTestUploads/
-rw-r--r-- 1 root root 3051969 Mar 2 12:14 Secret_of_Mana_Theme_-_Anime_Techno_Remix.mp3
-rw-r--r-- 1 root root 3367947 Mar 2 12:13 Princess_Mononoke_Theme_Song-Full_Length_English_Mix_version.mp3
-rw-r--r-- 1 root root 3018533 Mar 2 12:11 Eisblume_-_Leben_ist_sch_n.mp3
-rw-r--r-- 1 root root 2843408 Mar 2 12:11 Ashley_Tisdale_-_Its_Alright__OK_w_lyrics.mp3
......

:-)

You might want to do something about that music taste :-)

/klacke |
From: Daniel F. <fly...@go...> - 2010-03-02 12:05:20
|
2010/3/2 Claes Wikström <kl...@ta...>
> Daniel Fahlke wrote:
>
>> For example, at http://yaws.hyber.org/upload0.yaws
>> I tried a 4,9 MB file and got "The connection was reset" after some
>> time.
>> I use Yaws version 1.87.
>>
>> After some tries, the biggest file I could upload was 3,1 MB.
>
> Well, now that is a bug report I can relate to; I can reproduce it.
> I'll have a look at it ASAP.
>
> My first look at the code triggered a giggle though: the Yaws upload test
> code actually stores all files in
>
> -define(DIR, "/tmp/YawsTestUploads/").
>
> So, I see:
>
> # ls -lat /tmp/YawsTestUploads/
> -rw-r--r-- 1 root root 3051969 Mar 2 12:14 Secret_of_Mana_Theme_-_Anime_Techno_Remix.mp3
> -rw-r--r-- 1 root root 3367947 Mar 2 12:13 Princess_Mononoke_Theme_Song-Full_Length_English_Mix_version.mp3
> -rw-r--r-- 1 root root 3018533 Mar 2 12:11 Eisblume_-_Leben_ist_sch_n.mp3
> -rw-r--r-- 1 root root 2843408 Mar 2 12:11 Ashley_Tisdale_-_Its_Alright__OK_w_lyrics.mp3
> ......
>
> :-)
>
> You might want to do something about that music taste :-)
>
> /klacke

Hehe, not all the music was for me (anyway, I have no music taste), but that's not the point^^ It was simpler to test with these music files, because their size was in the right range. That there must be a tmp dir doesn't surprise me; there is mostly a tmp dir for file uploads^^ Maybe you should mention that there will be a temporary copy.

And thank you for your time |
From: Claes W. <kl...@ta...> - 2010-03-02 14:38:33
|
Daniel Fahlke wrote:
> And thank you for your time

I actually got pretty worried here, there is a config parameter

    partial_post_size = Integer
        When a yaws file receives large POSTs, the amount of data
        received in each chunk is determined by this parameter. The
        default value is 10240.

I found two errors in the yaws code,

The man page is wrong, there is an additional value, which erroneously was the default value - namely nolimit

So I've just changed the default value and corrected the man page. Your remedy here is to explicitly set the partial_post_size to e.g. 10240 in your yaws.conf file and you'll be all set.

Thanks for reporting

/klacke |
From: Michal Z. <zaj...@gm...> - 2010-03-02 15:23:47
|
Heh, this is it. I had it in my yaws.conf (partial_post_size=65536), that's why I could not observe the bug. |
From: Daniel F. <fly...@go...> - 2010-03-03 09:30:34
|
2010/3/2 Michal Zajda <zaj...@gm...>
> Heh, this is it. I had it in my yaws.conf (partial_post_size=65536), that's
> why I could not observe the bug.
>
> 2010/3/2 Claes Wikström <kl...@ta...>
>
>> Daniel Fahlke wrote:
>>
>> > And thank you for your time
>>
>> I actually got pretty worried here, there is a config parameter
>>
>>     partial_post_size = Integer
>>         When a yaws file receives large POSTs, the amount of data
>>         received in each chunk is determined by this parameter. The
>>         default value is 10240.
>>
>> I found two errors in the yaws code,
>>
>> The man page is wrong, there is an additional value, which erroneously
>> was the default value - namely nolimit
>>
>> So I've just changed the default value and corrected the man page. Your
>> remedy here is to explicitly set the partial_post_size to e.g. 10240 in
>> your yaws.conf file and you'll be all set.
>>
>> Thanks for reporting
>>
>> /klacke

Hi, it's me again =D

I got an error message if I start Yaws with this additional config:

"Yaws: bad conf: Unexpected tokens "partial_post_size" at line 73 terminating"

That's the line:

"partial_post_size = 10240" |
From: Michal Z. <zaj...@gm...> - 2010-03-03 10:30:34
|
Do not place the parameter in the 'main' namespace(?), but in the server tag.

<server www.somename.com>
    port = 8080
    listen = 0.0.0.0
    docroot = docroot
    partial_post_size=65536
    arg_rewrite_mod = some_app
    appmods = <xxx, module>
</server> |
From: Daniel F. <fly...@go...> - 2010-03-03 10:38:41
|
2010/3/3 Michal Zajda <zaj...@gm...>
> Do not place the parameter in the 'main' namespace(?), but in the server tag.
>
> <server www.somename.com>
>     port = 8080
>     listen = 0.0.0.0
>     docroot = docroot
>     partial_post_size=65536
>     arg_rewrite_mod = some_app
>     appmods = <xxx, module>
> </server>

Yeah, that was the error, thank you^^ |