Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:112606
Return-Path: <email@nunoperalta.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 37647 invoked from network); 23 Dec 2020 00:23:03 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 23 Dec 2020 00:23:03 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0A2441804B1
	for <internals@lists.php.net>; Tue, 22 Dec 2020 15:55:52 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <email@nunoperalta.com>
Received: from premium59-1.web-hosting.com (premium59-1.web-hosting.com [198.54.120.221])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 22 Dec 2020 15:55:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=nunoperalta.com; s=default; h=Content-Type:MIME-Version:Date:Message-ID:
	Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=qjE85v3ahrkpyGS6k8jNTlhNe/IQRccZPi++qQjP4Fg=; b=A2nS3qDhkvBjXoXqNtvuf/LT67
	n29GqY5tyENaB0wWg8/zeoz9nSX1l7NkKTuzuAq4GBpOaofYstMY4CAI062vYjaJIj4kzzJbXjR9B
	w1vWoqV2PKsLAqiwakszRYQ/QUAoh4W5VKb2R8MthWDhssH38hTtDpryL1JSCsN0naOA=;
Received: from [80.111.118.249] (port=64201 helo=[192.168.0.20])
	by premium59.web-hosting.com with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.93)
	(envelope-from <email@nunoperalta.com>)
	id 1krrVK-000Mf5-Er
	for internals@lists.php.net; Tue, 22 Dec 2020 18:55:51 -0500
To: internals@lists.php.net
Message-ID: <90c32775-bd54-a8ad-fc4e-ac6f33d60a9f@nunoperalta.com>
Date: Tue, 22 Dec 2020 23:55:44 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------37FE99F4B7315E3B26041BCB"
Content-Language: en-US
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - premium59.web-hosting.com
X-AntiAbuse: Original Domain - lists.php.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - nunoperalta.com
X-Get-Message-Sender-Via: premium59.web-hosting.com: authenticated_id: email@nunoperalta.com
X-Authenticated-Sender: premium59.web-hosting.com: email@nunoperalta.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-From-Rewrite: unmodified, already matched
Subject: "POST Content-Length of 131279729 bytes exceeds the limit of 67108864
 bytes in Unknown on line 0"
From: email@nunoperalta.com (Nuno Peralta)

--------------37FE99F4B7315E3B26041BCB
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I'd like to open this for discussion.

Many times, I get this in the error logs:

/[20-Dec-2020 00:00:39 UTC] PHP Warning: POST Content-Length of 
131279729 bytes exceeds the limit of 67108864 bytes in Unknown on line 0/

I'd like to give the suggestion to PHP developers to make it more useful.


In my applications, I register error/exception handlers, like:

/set_error_handler('process_error_backtrace');//
//set_exception_handler('process_exception_backtrace');/

which allow me to add a lot more info to the errors, such as full URL, 
Referer, IP, user ID, etc...

However, for the bytes exceeds the limit error above, I can't really do 
much about it, because:

1) I have no idea which PHP script or URL was being invoked (it just 
says "Unknown")
2) I have no idea who is trying to send that much data (am I being 
DoS'ed? if so, what IP should I block?)
3) I cannot use an error handler to reformat the error the way I want, 
like I do for all other errors

It would be nice if PHP developers could do something about this. Or is 
there a big limitation that makes it impossible to improve it?


We may have 3 options to consider:

1) Make any "pre-invoke" errors contain some extra information (like IP, 
full URL, script path provided to PHP-FPM, whatever is possible)
2) Have some new php.ini/PHP-FPM setting where we can provide a "pipe 
script" to send these errors to (we could call error_get_last() to get 
the error)
3) Simply invoke the page/script like normal, with $_POST empty/null, 
and it would be up to every PHP page/script to call error_get_last() as 
soon as possible, to detect any "pre-invoke" errors


Do you think an RFC can be raised for this? :)

Thank you very much
Nuno


--------------37FE99F4B7315E3B26041BCB--