httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ewald Dieterich <ew...@mailbox.org>
Subject Re: Reverse proxy: invalid Content-Length leads to 413 + 400 errors mixed up
Date Thu, 08 Jan 2015 14:47:56 GMT
On 01/08/2015 01:39 PM, Eric Covener wrote:
> On Thu, Jan 8, 2015 at 4:38 AM, Ewald Dieterich <ewald@mailbox.org> wrote:
>> Any ideas how to fix this so that this situation is handled as a single
>> error and not as two errors mixed up?
>
> in mod_proxy.c you will see at least 1 stanza like this:
>
>          status = ap_get_brigade(r->input_filters, temp_brigade,
>                                  AP_MODE_READBYTES, APR_BLOCK_READ,
>                                  MAX_MEM_SPOOL - bytes_read);
>          if (status != APR_SUCCESS) {
>              ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01095)
>                            "prefetch request body failed to %pI (%s)"
>                            " from %s (%s)",
>                            p_conn->addr, p_conn->hostname ? p_conn->hostname:
"",
>                            c->client_ip, c->remote_host ? c->remote_host: "");
>              return HTTP_BAD_REQUEST;
>          }
>
> The proper pattern in 2.4.x and later is to not return an error like that:
>
>              return ap_map_http_request_error(status, HTTP_BAD_REQUEST);
>
> In the case of that -102 error, the -102 will be returned verbatim
> instead (AP_FILTER_ERROR). Are you able to test and verify?

Hope I tested the right thing. ap_map_http_request_error() is not 
available in 2.4.x, so I added it from trunk and replaced the return 
statements in the stanzas above as suggested. I attached a patch with my 
changes to 2.4.10.

The response looks good now:

$ curl -i -H "Content-Length: a" http://frontend/
HTTP/1.1 413 Request Entity Too Large
Date: Thu, 08 Jan 2015 14:22:09 GMT
Server: Apache/2.4.10 (Debian)
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/<br />
does not allow request data with GET requests, or the amount of data 
provided in
the request exceeds the capacity limit.
<hr>
<address>Apache/2.4.10 (Debian) Server at frontend Port 80</address>
</body></html>

But the access log entry is still wrong. Now a 200 is logged:

[...] "GET / HTTP/1.1" 200 590 "-" "curl/7.26.0"

I still see the -102 error:

[...] (-102)Unknown error -102: [client 10.128.128.95:46766] AH01095: 
prefetch request body failed to 10.8.19.114:80 (backend) from 
10.128.128.95 ()

I guess there are more changes in trunk that I would need to add?

Mime
View raw message