Return-Path: 
 <dev-return-81881-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-dev-archive@www.apache.org
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3CDC21762C
	for <apmail-httpd-dev-archive@www.apache.org>;
 Thu,  8 Jan 2015 09:39:30 +0000 (UTC)
Received: (qmail 25824 invoked by uid 500); 8 Jan 2015 09:39:30 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 25748 invoked by uid 500); 8 Jan 2015 09:39:30 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 25738 invoked by uid 99); 8 Jan 2015 09:39:30 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jan 2015 09:39:30 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of ewald@mailbox.org designates
 80.241.60.215 as permitted sender)
Received: from [80.241.60.215] (HELO mx2.mailbox.org) (80.241.60.215)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jan 2015 09:39:04 +0000
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx2.mailbox.org (Postfix) with ESMTPS id 8653541F31
	for <dev@httpd.apache.org>; Thu,  8 Jan 2015 10:39:03 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailbox.org; h=
	content-transfer-encoding:content-type:content-type:subject
	:subject:mime-version:user-agent:from:from:date:date:message-id
	:received; s=mail20140220; t=1420709942; bh=0lBzDNpfR7FaYaeR9dXR
	G5pBgrjvbkQo0kcX0JMmIRw=; b=TAsNWrxd6YMMAn9LD/3P7+XE5vQORZhucbyQ
	CmRmGe+5ArFIhQJ/ZQCbLEopgxXwv1gSvR7BX8I+6vVep8iSUpYvbbVy1Jynp6kp
	FLNNu7RFQsTDbSalR1iTFECzr7Pkhp/qOtOZ+yYZoY851SjIlUL9oIkzPGNdY3T5
	sA7pmllw9p8dL6ehs6CLNwCxXcKaCFDavYeZu8CgnNXT3M8OvOc+phduoPZNCnzV
	RYNamB6pGWBaPjr43tibMQW0hQK2mZ+SEe7GdYxUsRIgmtGncSQpfPSRIORpSACC
	Jve/dnhpz5uFPuqqaWX9TjjOfAwumwKD5DPIrPd4a3znhL30o0KucgbnV6iu9dux
	LciCfFTNjsGUJ77Iva/zNBcMHt1M4y6eXU6tW5U/Z8EfAh53esQGar3qRfrou8xh
	Mgl6DCijR2+3D3P2fjxUb+MVOiyap5IztULna9Yv79wAQPMkXfS9a8mLus1xB8Vf
	WZmghw9SFGBgg3G9TpQjm6r6/MMeeHCwcPQQIgLeP+L2JwVqLWPqi3tRxxPJ5gG7
	eQE46cacQ0Zv0WNxFWDt0UZjfVglYjwiAacc4SNS59ZO3t9zYryFvrg4FOiPTmnc
	5Vta41TGEaBSjnB6phHwUdTEWfeIhofT44X7Z8F2G6Jv3WaMfdPTentpAAGMHZkF
	RvRw4+s=
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240])
	by hefe.heinlein-support.de (hefe.heinlein-support.de [91.198.250.172])
 (amavisd-new, port 10030)
	with ESMTP id u1AOEqynBI_l for <dev@httpd.apache.org>;
	Thu,  8 Jan 2015 10:39:02 +0100 (CET)
Message-ID: <54AE5030.6030406@mailbox.org>
Date: Thu, 08 Jan 2015 10:38:56 +0100
From: Ewald Dieterich <ewald@mailbox.org>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Reverse proxy: invalid Content-Length leads to 413 + 400 errors mixed
 up
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

I set up a simple reverse proxy with Apache 2.4.10 on Debian unstable:

ProxyPass / http://backend/
ProxyPassreverse / http://backend/

When I send a request to the reverse proxy with an invalid 
Content-Length header, I get two 413 and 400 response bodies concatenated:

$ curl -i -H "Content-Length: a" http://frontend/
HTTP/1.1 413 Request Entity Too Large
Date: Thu, 08 Jan 2015 09:00:33 GMT
Server: Apache/2.4.10 (Debian)
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/<br />
does not allow request data with GET requests, or the amount of data 
provided in
the request exceeds the capacity limit.
<hr>
<address>Apache/2.4.10 (Debian) Server at frontend Port 80</address>
</body></html>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.10 (Debian) Server at frontend Port 80</address>
</body></html>

Even though the HTTP status code in the response is 413, the access log 
shows a 400 error:

[...] "GET / HTTP/1.1" 400 904 "-" "curl/7.26.0"

I think that first a 413 error is created that later gets replaced 
partly by a 400 error.

Here are some log entries:

[...] AH01587: Invalid Content-Length

=> That's where a 413 (HTTP_REQUEST_ENTITY_TOO_LARGE) is created.

[...] (-102)Unknown error -102: [client 10.128.128.95:46000] AH01095: 
prefetch request body failed to 10.8.19.114:80 (frontend) from 
10.128.128.95 ()

=> That's were where a 400 (HTTP_BAD_REQUEST) is returned.

Any ideas how to fix this so that this situation is handled as a single 
error and not as two errors mixed up?