Disable / detect mod_reqtimeout to avoid upload problems #14603

Closed
ghost opened this issue Feb 28, 2015 · 10 comments

@ghost

ghost commented Feb 28, 2015

According to:

http://sabre.io/dav/webservers/

the Apache module could stop large uploads from completing. On Ubuntu 14.04 it's not enabled by default anymore but it could still be useful to add a check similar to #6675 and #6637.

The .htaccess approach is probably recommended as the apache_get_modules approach is not working on PHP CGI.

@ghost
Author

ghost commented Feb 28, 2015

Ok, an .htaccess entry like:

<IfModule reqtimeout_module>
  RequestReadTimeout header=0
  RequestReadTimeout body=0
</IfModule>

could do the trick.

@LukasReschke
Member

Care to submit a pull request? 😄

@ghost
Author

ghost commented Feb 28, 2015

I'm not sure if disabling it completely is the best approach here? Any opinions?

@LukasReschke
Member

Disabling in our default .htaccess does not hurt :)

@ghost
Author

ghost commented Mar 2, 2015

Context: server config, virtual host

from https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout so we can't use this in a .htaccess file.

@ghost
Author

ghost commented Mar 28, 2015

Ref for the doc part: owncloud-archive/documentation#992

@karlitschek karlitschek modified the milestones: 8.2-next, 8.1-current May 4, 2015
@DeepDiver1975 DeepDiver1975 modified the milestones: 9.0-next, 8.2-current Sep 21, 2015
@ghost ghost modified the milestones: 9.1-next, 9.0-current Feb 20, 2016
@ghost ghost added the old-inactive label Feb 20, 2016
@PVince81 PVince81 modified the milestones: 9.1-current, 9.2-next Jun 14, 2016
@PVince81 PVince81 modified the milestones: backlog, 10.0 Jan 27, 2017
@ghost
Author

ghost commented Feb 28, 2017

Just to have this documented here. Debian stable / jessie is now enabling this module by default again starting with the version 2.4.10-10+deb8u8 of Apache:

Activate mod_reqtimeout in new installs and during updates from before 2.4.10-10+deb8u8. It was wrongly not activated in new installs since jessie. This made the default installation vulnerable to some DoS attacks.

Trouble incoming...

@ghost
Author

ghost commented Feb 28, 2017

Default setting on Debian (/etc/apache2/mods-enabled/reqtimeout.conf) below. Could those cause troubles for ownCloud?

	# Wait max 20 seconds for the first byte of the request line+headers
	# From then, require a minimum data rate of 500 bytes/s, but don't
	# wait longer than 40 seconds in total.
	# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
	# cause problem with ssl enabled virtual hosts: This timeout includes
	# the time a browser may need to fetch the CRL for the certificate. If
	# the CRL server is not reachable, it may take more than 10 seconds
	# until the browser gives up.
	RequestReadTimeout header=20-40,minrate=500

	# Wait max 10 seconds for the first byte of the request body (if any)
	# From then, require a minimum data rate of 500 bytes/s
	RequestReadTimeout body=10,minrate=500
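
A simplified model of how the Debian defaults quoted above treat an upload, added here as an illustration; it is not part of the original thread and is not ownCloud or Apache code. It assumes the documented RequestReadTimeout semantics (an initial timeout, extended by one second for every minrate bytes received, capped at the optional maximum); `parse_arg`, `cutoff_time` and the sample transfers are hypothetical names and constructed data.

```python
import re

# One RequestReadTimeout argument, e.g. "header=20-40,minrate=500" or "body=0".
_ARG = re.compile(r"^(header|body)=(\d+)(?:-(\d+))?(?:,minrate=(\d+))?$", re.I)

def parse_arg(arg):
    """Split a directive argument into stage, initial/max timeout and minrate."""
    m = _ARG.match(arg)
    if not m:
        raise ValueError(f"unsupported argument: {arg!r}")
    stage, initial, maximum, minrate = m.groups()
    return {"stage": stage.lower(), "initial": int(initial),
            "max": int(maximum) if maximum else None,
            "minrate": int(minrate) if minrate else None}

def cutoff_time(rule, chunks):
    """Second at which the stage times out, or None if all chunks get through.

    chunks: time-ordered (arrival_second, byte_count) pairs for one stage.
    Simplified model: the deadline starts at `initial` seconds; with minrate
    set, every `minrate` bytes received push it out by one second, up to
    `max` when given. An initial value of 0 disables the timeout.
    """
    if rule["initial"] == 0:
        return None
    deadline = float(rule["initial"])
    for arrival, size in chunks:
        if arrival >= deadline:
            return deadline
        if rule["minrate"]:
            deadline += size / rule["minrate"]
            if rule["max"] is not None:
                deadline = min(deadline, float(rule["max"]))
    return None

# Constructed transfers, one chunk per second, checked against the Debian defaults.
DEBIAN_BODY = parse_arg("body=10,minrate=500")
fast_upload = [(t, 1_000_000) for t in range(1, 2001)]   # ~2 GB at 1 MB/s
slow_upload = [(t, 250) for t in range(1, 601)]          # 250 bytes/s
late_start = [(15, 1_000_000)]                           # first body byte after 15 s

if __name__ == "__main__":
    for name, chunks in [("fast", fast_upload), ("slow", slow_upload),
                         ("late start", late_start)]:
        print(name, "->", cutoff_time(DEBIAN_BODY, chunks))
```

The model covers only the documented deadline arithmetic, not other server or PHP limits on an upload.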

@stale

stale bot commented Sep 20, 2021

This issue has been automatically closed.

@stale stale bot closed this as completed Sep 20, 2021