Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A52A96DD9 for ; Sat, 18 Jun 2011 20:05:56 +0000 (UTC) Received: (qmail 22030 invoked by uid 500); 18 Jun 2011 20:05:53 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 22003 invoked by uid 500); 18 Jun 2011 20:05:53 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 21995 invoked by uid 99); 18 Jun 2011 20:05:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Jun 2011 20:05:53 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of rainer.jung@kippdata.de designates 195.227.30.149 as permitted sender) Received: from [195.227.30.149] (HELO mailserver.kippdata.de) (195.227.30.149) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Jun 2011 20:05:45 +0000 Received: from [192.168.2.101] ([192.168.2.101]) by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id p5IK5OSp003147 for ; Sat, 18 Jun 2011 22:05:24 +0200 (CEST) Message-ID: <4DFD0503.2020202@kippdata.de> Date: Sat, 18 Jun 2011 22:05:23 +0200 From: Rainer Jung User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 MIME-Version: 1.0 To: users@httpd.apache.org References: <52CAD106C0AD164C9646DEC80D96E65D07A6DE9A@Godzilla.nexperience.com><4DF85CB4.20508@adaptr.nl><52CAD106C0AD164C9646DEC80D96E65D07A6E3A8@Godzilla.nexperience.com><4DF9059F.8050008@adaptr.nl> <52CAD106C0AD164C9646DEC80D96E65D07A74782@Godzilla.nexperience.com> <4DFD0330.4020501@kippdata.de> In-Reply-To: <4DFD0330.4020501@kippdata.de> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Apache returns 200 to client in case of proxytimeout On 18.06.2011 21:57, Rainer Jung wrote: > On 16.06.2011 08:35, Moshe Ben-Shoham wrote: >> But this is not the case - the request was perfectly OK, just took the backend server too long to handle (note that I am less worried about bogus requests because this Apache is behind firewall and only serves requests coming from another component in the system, which is under our control). >> >> I would like to focus on my original question: Why did Apache return 200 to the client in case of proxy timeout? > > It could be because of CVE-2010-2068, which was fixed in 2.2.16. Please > try again with 2.2.latest. Forgot to ask: what's your platform? Windows? > You should also fix your configuration before restesting. Read the most > recent online docs about workers in mod_proxy carefully. > > I expect that your ProxySet seetings are not functional the way you > configured them. > > Regards, > > Rainer > >> From: Jeroen Geilman [mailto:jeroen@adaptr.nl] >> Sent: Wednesday, June 15, 2011 10:19 PM >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout >> >> On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote: >> Hi, >> >> Thanks for the comment about the ProxyMatch syntax. I will look into it, although it works. >> >> Regarding the proxy hit, I know for sure that the request should be proxied because is usually does. It matches the following rewrite rule (again, URL was changed): >> >> RewriteRule ^/x/y(.*) http://localhost:9003$1 [P] >> >> In addition, every time the timeout occurs, I see the following message in the Apache error log, exactly 300 seconds after the request arrives: >> >> [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: error reading status line from remote server localhost >> >> >> It means what it says. >> >> Your rule allows bogus constructions like http://localhost:9003002001/foobar/. >> >> ALWAYS include slashes at ambiguous locations! >> >> >> >> >> Thanks, >> Moshe Ben Shoham >> Perfecto Mobile >> >> From: Jeroen Geilman [mailto:jeroen@adaptr.nl] >> Sent: Wednesday, June 15, 2011 10:18 AM >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout >> >> On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote: >> Hi, >> >> We're using Apache 2.2.15, with mod_proxy_http for proxying requests to backend processes. >> >> Here's the relevant configuration we use: >> >> >> >> That is not valid syntax for ProxyMatch, which requires a regular expression. >> Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for details. >> >> >> ProxySet smax=5 max=20 ttl=120 keepalive=On >> >> >> Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we see Apache returning 200 to the client (just changed the URL): >> >> 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" 200 - 300515625 >> >> >> No way to know that the proxy is being hit. >> >> >> >> >> >> Is that the expected behavior? I would expect an error code, maybe 504. >> >> Thanks, >> Moshe Ben Shoham >> Perfecto Mobile --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org