httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Fixing protocol violations in mod_proxy
Date Wed, 26 Sep 2007 22:42:40 GMT
As some of you know, I'm working on fixing bugs in mod_proxy.

As part of this effort, I've signed up with a testing service
called Co-Advisor, at
(who is also responsible for a number of our long-standing bug
reports).  This gives me use of a good range of testcases,
and a tool to run them and produce useful diagnostics.
The purpose of the service is to detect violations of the
HTTP protocol (RFC2616).

Anyone interested in this work: I've opened a tracking bug:

My first milestone here is to work through all mod_proxy
violations excluding those concerning caching.  Co-advisor
offers a subset comprising 369 testcases, which I've run
on a clean 2.2.6 build.  This is a summary of my first
two test-runs.

* Clean 2.2.6 build, Forward proxy, ProxyVia On, TraceEnable On
  296 Success
   42 Violation
   31 Failure

Note the terminology: a "Failure" means a test that did not
complete, so it may or may not mean a bug.

Going through the reported violations, I see:

* Proxy fails to remove hop-by-hop response headers
Verdict: bug

* Proxy Fails to deal correctly with Via header.
No via header is added when there are already several.
Verdict: bug

* Proxy leaves trailers in multipart/byteranges entities.
Comment: The Request testcase is bogus.
The Response testcase correctly points to an error,
but it's the origin server that's at fault.
Verdict: a configuration option to make mod_proxy fix it
would make a useful (but non-urgent) enhancement.

* Chunked request with too big chunks: proxy returns 413
Verdict: look at ProxyIOBufferSize

* Chunked response with too big chunks: the response is
lost completely.
Verdict: serious bug!!!

* Proxy fails to remove Warning response headers with wrong date
Verdict: bug

* Proxy must remove response headers listed in a Connection header.
This fails when there are multiple Connection headers.
Verdict: bug

* TRACE method: returns 403 with TraceEnable Off.  This bug is
already fixed in code.

* OPTIONS method: proxy MUST NOT add Max-Forwards header if there
isn't one already.
Verdict: bug.

* GET method: ditto.
Verdict: Need to figure out the role of Max-Forwards in methods that
don't explicitly mandate it.  This is a strange testcase.

* Proxy violates no-transform by adding Content-Type header
Verdict: bug, probably fixed by today's fix to PR 13986

* Max-forwards: integer overflow when a silly value is set.
Verdict: looks like a WONTFIX

* Proxy eats unrequested 1xx responses.
Verdict: Technically this reads like a violation, but it
seems sensible in practice.  Need to clarify.


* Proxy rejects both Requests (400) and Responses (502) with
excessive numbers of tokens in a Content-Type line.
Verdict: Investigate

* Date handling checks: unable to proceed due to Warning bug.
Verdict: retest when Warning bug is fixed.

* Pipelining requests: not supported
Verdict: Enhancement request; LATER

* OPTIONS * with Max-Forwards 0 returns 403
Verdict: This probably means the testcase is passed
(proxy MUST NOT forward it).  But handling OPTIONS
should've returned 405 or success, not 403.

* Retry tests: Proxy does not retry when backend aborts
Verdict: Potential enhancement.  Possibly related to PR38763.

 * cross-reference the above to existing reports in
   Bugzilla, and update PR43454 to track fixes.
 * Hack up something to extract an Executive Summary
   from Co-Advisor reports.

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message