From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Jan 1 20:00:04 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 49F34106564A for ; Thu, 1 Jan 2009 20:00:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1D3AE8FC1E for ; Thu, 1 Jan 2009 20:00:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n01K04Fi038618 for ; Thu, 1 Jan 2009 20:00:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n01K03hU038617; Thu, 1 Jan 2009 20:00:03 GMT (envelope-from gnats) Resent-Date: Thu, 1 Jan 2009 20:00:03 GMT Resent-Message-Id: <200901012000.n01K03hU038617@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jeremy Chadwick Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 34CD6106566B for ; Thu, 1 Jan 2009 19:53:50 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA01.emeryville.ca.mail.comcast.net (qmta01.emeryville.ca.mail.comcast.net [76.96.30.16]) by mx1.freebsd.org (Postfix) with ESMTP id 1DCDA8FC16 for ; Thu, 1 Jan 2009 19:53:50 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA07.emeryville.ca.mail.comcast.net ([76.96.30.59]) by QMTA01.emeryville.ca.mail.comcast.net with comcast id yKW81a00f1GXsucA1KdrmG; Thu, 01 Jan 2009 19:37:51 +0000 Received: from koitsu.dyndns.org ([69.181.141.110]) by OMTA07.emeryville.ca.mail.comcast.net with comcast id yKdq1a0012P6wsM8TKdqHr; Thu, 01 Jan 2009 19:37:50 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 024DE33C36; Thu, 1 Jan 2009 11:37:49 -0800 (PST) Message-Id: <20090101193749.024DE33C36@icarus.home.lan> Date: Thu, 1 Jan 2009 11:37:49 -0800 (PST) From: Jeremy Chadwick To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/130100: www/webalizer: Unreasonable "truncating oversized request field" warnings X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Jeremy Chadwick List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jan 2009 20:00:04 -0000 >Number: 130100 >Category: ports >Synopsis: www/webalizer: Unreasonable "truncating oversized request field" warnings >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Jan 01 20:00:03 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Jeremy Chadwick >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: >Environment: System: FreeBSD icarus.home.lan 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Sat Dec 6 03:51:10 PST 2008 root@icarus.home.lan:/usr/obj/usr/src/sys/X7SBA_RELENG_7_amd64 amd64 >Description: When webalizer encounters an Apache log entry whose request (GET/HEAD/POST) exceeds 512 bytes in length, it emits the following warning while processing: Warning: Truncating oversized request field [647] The number shown correlates with the log file line number which caused the warning. In this case, here is the log entry: 89.128.3.8 - - [31/Dec/2008:12:34:00 -0800] "GET /category/trans/im-kid-dracula/fonts/category/blog/page/2/trans/im-kid-dracula/trans/dream-penguin-adventure/trans/sd-hiryu-no-ken-ex/contact/trans/nekketsu-street-basket-ganbare-dunk-heroes/fonts/contact/trans/dream-penguin-adventure/donations/category/blog/category/blog/contact/contact/contact/trans/sd-hiryu-no-ken-ex/trans/karnov/fonts/trans/doki-doki-panic/trans/nettou-the-king-of-fighters-96/trans/sd-hiryu-no-ken-ex/category/blog/trans/ys-iii-wanderers-from-ys/category/blog/trans/tomorrows-joe/trans/fonts/ HTTP/1.1" 200 5300 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" This is indeed a long URL -- the content request portion is ~517 bytes long. RFCs do not define the length, so each web server has an arbitrary limit. Using Apache as an example: Apache 1.x supports up to 4000 characters, while 2.x supports up to 8192. Present-day web browsers will submit anywhere between 65536 and 190000 characters. webalizer's code, however, imposes a limit of 512. The define is called MAXURLH located in webalizer.h at line 19. I feel this value should be increased to something more reasonable, given that URLs in this day and age are often longer than they were when webalizer was originally written. I fully acknowledge that this issue should be reported upstream, but I've a gut feeling administrators/users have done this with either no response or rejection. (This is an assumption on my part.) I have not verified that the code change will not break anything internally, but based on reading Debian and OpenSuSE mailing lists, they have increased this value in the past without harm. >How-To-Repeat: Place an entry in your webserver log file which contains a request that exceeds 512 bytes and run webalizer. >Fix: Increase MAXURLH from 512 to something larger; I propose 2048. I have concerns increasing it to 4096, as I'm not sure how this variable interacts or relates to the "MAXURL" variable (which is 4096). >Release-Note: >Audit-Trail: >Unformatted: