Why doesn't IIS support chunked transfer encoding?
Asked Answered
A

5

7

I am making an HTTP connection to an IIS web server and sending a POST request with the data encoded using Transfer-Encoding: chunked. When I do this, IIS simply closes the connection, with no error message or status code. According to the HTTP 1.1 spec,

All HTTP/1.1 applications MUST be able to receive and decode the "chunked" transfer-coding

so I don't understand why it's (a) not handling that encoding and (b) it's not sending back a status code. If I change the request to send the Content-Length rather than Transfer-Encoding, the query succeeds, but that's not always possible.

When I try the same thing against Apache, I get a "411 Length required" status and a message saying "chunked Transfer-Encoding forbidden".

Why do these servers not support this encoding?

Ahouh answered 3/12, 2008 at 20:45 Comment(0)
C
4

My understanding is that chunked encoding can only be used in a HTTP response. A chunked request body would have the property of being incompatible with a 1.0 server, and in any case, there would be no way of a user-agent knowing that the server was a 1.0 server until it had already sent the request.

But I agree it's unclear from the documentation.

Carbonic answered 3/12, 2008 at 21:13 Comment(5)
The client could interrogate the server by sending a HEAD request, among others. Reading RFC 2616, section 3.6 states that the server must send a 501 response when receiving a transfer-encoding header it does not understand. Section 3.6.1 says that all HTTP 1.1 applications must be able to receive and decode chunked transfer-coding. So it seems clear for me - client-to-server communication can be chunked. A common scenario is file upload.Silhouette
The original poster didn't mention which version of IIS they are using, but IIS 7 definately supports incoming chunked data - I've got a C++ application sending requests as chunked data to IIS 7 without any issuesRosenblast
I think you're incorrect. Servers and clients should support chunked (That doesn't mean that they do though). Your reasoning that incompatibility would result is not valid, because any client supporting http1.1 should also understand how to talk to an http1.0 server. See: jmarshall.com/easy/http/#http1.1s3 and: atnan.com/2008/8/8/transfer-encoding-chunked-chunky-http and: w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6 (Section 3.6.1 also)Guilbert
I think that clients which send chunked requests to a HTTP 1.0 server are broken; if the client can know that the server support HTTP 1.1 before it sends anything to it (by magic?) then it can send a chunked request. Some clients look at responses to previous requests to decide whether a server supports 1.1, I guess that's valid in most cases (still dubious behaviour though).Carbonic
Downvoting, the HTTP 1.1 standard states that Chunked Transfer-Encoding is to be supported for requests and responses.Iz
P
8

Take a look at your client.

Both IIS & Apache support POST requests using chunked transfer-encoding. You can verify this using the curl utility:

curl <upload-url> --form "upfile=@<local_file>" --header "Transfer-Encoding: chunked"

Verify the transfer is chunked using Wireshark

Patricio answered 30/7, 2009 at 19:26 Comment(0)
C
4

My understanding is that chunked encoding can only be used in a HTTP response. A chunked request body would have the property of being incompatible with a 1.0 server, and in any case, there would be no way of a user-agent knowing that the server was a 1.0 server until it had already sent the request.

But I agree it's unclear from the documentation.

Carbonic answered 3/12, 2008 at 21:13 Comment(5)
The client could interrogate the server by sending a HEAD request, among others. Reading RFC 2616, section 3.6 states that the server must send a 501 response when receiving a transfer-encoding header it does not understand. Section 3.6.1 says that all HTTP 1.1 applications must be able to receive and decode chunked transfer-coding. So it seems clear for me - client-to-server communication can be chunked. A common scenario is file upload.Silhouette
The original poster didn't mention which version of IIS they are using, but IIS 7 definately supports incoming chunked data - I've got a C++ application sending requests as chunked data to IIS 7 without any issuesRosenblast
I think you're incorrect. Servers and clients should support chunked (That doesn't mean that they do though). Your reasoning that incompatibility would result is not valid, because any client supporting http1.1 should also understand how to talk to an http1.0 server. See: jmarshall.com/easy/http/#http1.1s3 and: atnan.com/2008/8/8/transfer-encoding-chunked-chunky-http and: w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6 (Section 3.6.1 also)Guilbert
I think that clients which send chunked requests to a HTTP 1.0 server are broken; if the client can know that the server support HTTP 1.1 before it sends anything to it (by magic?) then it can send a chunked request. Some clients look at responses to previous requests to decide whether a server supports 1.1, I guess that's valid in most cases (still dubious behaviour though).Carbonic
Downvoting, the HTTP 1.1 standard states that Chunked Transfer-Encoding is to be supported for requests and responses.Iz
A
3

It goes both ways. try uploading a image 2MB++ to photobucket and record it. their uploader uploads chunked to their apache servers.

Amateurism answered 21/12, 2011 at 19:55 Comment(0)
S
-1

My only guess is they did not implement it out of concerns for security. In a naive solution it would be easy to set up a DOS attack by starting multiple chunked transfers that never end. And a complex solution which could account for the DOS attack is probably not worth the effort.

Of course I cannot speak for Apache or IIS, you may be able to contact the Apache team directly though: http://httpd.apache.org/bug_report.html

I agree with MarkR that I always thought chunked encoding could only be used as a response, but the documentation sure makes it sound like it can be used in a request or a response.

Subsonic answered 3/12, 2008 at 21:22 Comment(2)
Clients can use chunked encoding. This is allowed by RFC2616. For example it is useful in file upload scenarios.Silhouette
You could trivially set up a similar DOS attack without chunked encoding. Claim a content-length of 1, but never send the body. Done. I think the difference with chunked is that it doesn't require a content-length header, so you can stream unknown length of data which terminates by closing the connection. IIS protects against these issues with a max request length and a request timeout.Vanover
S
-1

This command came to rescue for me!

C:\Windows\System32\Inetsrv\Appcmd.exe set config -section:httpCompression
-[name='gzip'].staticCompressionLevel:9 -[name='gzip'].dynamicCompressionLevel:4

saved my day... hope it helps someone like me!

Sev answered 30/7, 2015 at 15:3 Comment(1)
I don't see what enabling compression has to do with handling chunked requests. Downvoted.Conscript

© 2022 - 2024 — McMap. All rights reserved.