[Python-modules-team] Bug#801506: 413 Client Error: Request Entity Too Large on SSL site where curl works
Enrico Zini
enrico at enricozini.org
Fri Jun 10 19:10:50 UTC 2016
On Sun, May 15, 2016 at 06:54:06PM +0200, Daniele Tricoli wrote:
> This is my actual plan:
> 1. Update urllib3 and requests (the first package is ready, I'm updating
> requests right now)
> 2. see if the problem is still present;
> 3. forward the bug upstream; upstream is very responsive so we will have
> news soon.
We worked out more details on #debian-admin and I've already posted the
results on the upstream repository.
I'll write it also here:
https://bz.apache.org/bugzilla/show_bug.cgi?id=39243 is relevant, and
they have a rationale and a work-around:
But you should really design your site to ensure that the first
request to a client-cert-protected area is not a POST request with a
large body; make it a GET or something. Any request body has to be
buffered into RAM to handle this case, so represents an opportunity to
DoS the server.
I can change python-debiancontributors to do a GET before a post, the
GET gets to negotiate SSL correctly and smoothly, and the POST
afterwards should go through.
Enrico
--
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20160610/7f663195/attachment.sig>
More information about the Python-modules-team
mailing list