httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40029] New: - mod_proxy should interoperate with RPC over HTTP
Date Wed, 12 Jul 2006 13:25:59 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40029>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40029

           Summary: mod_proxy should interoperate with RPC over HTTP
           Product: Apache httpd-2
           Version: 2.2.2
          Platform: PC
               URL: http://some.server/rpc
        OS/Version: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P4
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: hans@red.roses.de


This is more of an enhancement request, and it might concern the core as well: 
When Apache is used to proxy HTTP/1.1 requests and it encounters unknown
methods, it should relay the content of both the request and the response body
parts as they arrive - i.e. without any blocking, buffering or delaying.

Background:

I'm trying to grant road warrior users access to our company Exchange server
through RPC over HTTP.  In my setup, an Apache 2.2.2 on a FreeBSD server in the
DMZ should act as a proxy between the Internet and the IIS on on the Exchange
server.  The communication is SSL-encrypted in both directions (SSLEngine and
SSLProxyEngine On).

Unfortunately, the Outlook client just hangs when trying to access Exchange
through the proxy.  The Apache error log shows these messages:

[Mon Jul 10 10:48:48 2006] [error] (70007)The timeout specified has expired:
proxy: prefetch request body failed to <exchangeip>:<port> (<exchange>)
from
<clientip> ()

After working on this for quite some time, I believe I can rule out the usual
configuration and certificate problems that are described on various websites. 
Also, I have a Linux in my internal network with an older version of Apache
(2.0.53) where the same proxy configuration works (not too stable and
performant, but it does work).

I did some analysis with ssldump on both proxies.  Apparently, RPC over HTTP
opens two HTTP/1.1 requests:  One with request method RPC_IN_DATA to send data
to the server, and one with method RPC_OUT_DATA to send data back to the client.
 The body consists of raw binary data, and the connections are apparently
re-used for several RPCs.

I.e. after sending the headers for both connections, the client sends a request
on the IN connections, reads the response from the OUT connection, sends another
request on the IN connection and so on - which means that any buffering in the
proxy is absolutely deadly in this scenario.

Here's an example of an IN connection header:
    RPC_IN_DATA /rpc/rpcproxy.dll?<exchange>:6002 HTTP/1.1
    Accept: application/rpc
    User-Agent: MSRPC
    Host: <proxy>
    Content-Length: 1073741824
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache
    Authorization: Basic <user/passwd>

And here's an example of an OUT connection header:
    RPC_OUT_DATA /rpc/rpcproxy.dll?<exchange>:6002 HTTP/1.1
    Accept: application/rpc
    User-Agent: MSRPC
    Host: <proxy>
    Content-Length: 76
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache
    Authorization: Basic <user/passwd>

ssldump on the Apache 2.2.2 machine shows that the RPC_OUT_DATA is correctly
forwarded to the Exchange server.  For the RPC_IN_DATA, OTOH, the proxy doesn't
even open a connection to the Exchange server.  I can only guess that's it's
trying to read (prefetch?) a part or all of the 1073741824 bytes
(Content-Length) before opening the session to the Exchange server.

Unfortunately, the client only sends a small request (~ 100 bytes) on the IN
connection and starts waiting for a response on the OUT connection. It never
gets one, though, since the request hasn't reached the Exchange server yet.

On the Apache 2.0.53 server, however, both requests are forwarded to the
Exchange server, and the body bits are also relayed in a direct and timely
manner.  I've tried an Apache 2.0.58 on the FreeBSD server, but that one doesn't
work, either.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message