Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B7C5667F2 for ; Thu, 16 Jun 2011 06:39:56 +0000 (UTC) Received: (qmail 69149 invoked by uid 500); 16 Jun 2011 06:39:52 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 69126 invoked by uid 500); 16 Jun 2011 06:39:52 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 69118 invoked by uid 99); 16 Jun 2011 06:39:52 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Jun 2011 06:39:52 +0000 X-ASF-Spam-Status: No, hits=3.5 required=5.0 tests=HTML_MESSAGE,MIME_QP_LONG_LINE,SPF_PASS,UNPARSEABLE_RELAY,URI_HEX,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [212.150.204.129] (HELO nexperience.com) (212.150.204.129) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Jun 2011 06:39:45 +0000 Received: from Internal Mail-Server by PUMA (envelope-from mosheb@perfectomobile.com) with AES128-SHA encrypted SMTP; 16 Jun 2011 08:52:38 +0300 Received: from GODZILLA.nexperience.com ([172.20.5.9]) by Godzilla.nexperience.com ([172.20.5.9]) with mapi id 14.01.0218.012; Thu, 16 Jun 2011 09:35:12 +0300 From: Moshe Ben-Shoham To: "users@httpd.apache.org" Thread-Topic: [users@httpd] Apache returns 200 to client in case of proxy timeout Thread-Index: AQHMKyvrH2UZYgYMh0KnjtMY/07Is5S+BM1AgACUs4CAAO9ScA== Date: Thu, 16 Jun 2011 06:35:12 +0000 Message-ID: <52CAD106C0AD164C9646DEC80D96E65D07A74782@Godzilla.nexperience.com> References: <52CAD106C0AD164C9646DEC80D96E65D07A6DE9A@Godzilla.nexperience.com> <4DF85CB4.20508@adaptr.nl> <52CAD106C0AD164C9646DEC80D96E65D07A6E3A8@Godzilla.nexperience.com> <4DF9059F.8050008@adaptr.nl> In-Reply-To: <4DF9059F.8050008@adaptr.nl> Accept-Language: en-US, he-IL Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.20.5.74] Content-Type: multipart/alternative; boundary="_000_52CAD106C0AD164C9646DEC80D96E65D07A74782Godzillanexperi_" MIME-Version: 1.0 Subject: RE: [users@httpd] Apache returns 200 to client in case of proxy timeout --_000_52CAD106C0AD164C9646DEC80D96E65D07A74782Godzillanexperi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable But this is not the case - the request was perfectly OK, just took the back= end server too long to handle (note that I am less worried about bogus requ= ests because this Apache is behind firewall and only serves requests coming= from another component in the system, which is under our control). I would like to focus on my original question: Why did Apache return 200 to= the client in case of proxy timeout? Thanks, Moshe From: Jeroen Geilman [mailto:jeroen@adaptr.nl] Sent: Wednesday, June 15, 2011 10:19 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy ti= meout On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote: Hi, Thanks for the comment about the ProxyMatch syntax. I will look into it, al= though it works. Regarding the proxy hit, I know for sure that the request should be proxied= because is usually does. It matches the following rewrite rule (again, URL= was changed): RewriteRule ^/x/y(.*) http://localhost:9003$1 [P] In addition, every time the timeout occurs, I see the following message in = the Apache error log, exactly 300 seconds after the request arrives: [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A conn= ection attempt failed because the connected party did not properly respond = after a period of time, or established connection failed because connected = host has failed to respond. : proxy: error reading status line from remote = server localhost It means what it says. Your rule allows bogus constructions like http://localhost:9003002001/fooba= r/. ALWAYS include slashes at ambiguous locations! Thanks, Moshe Ben Shoham Perfecto Mobile From: Jeroen Geilman [mailto:jeroen@adaptr.nl] Sent: Wednesday, June 15, 2011 10:18 AM To: users@httpd.apache.org Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy ti= meout On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote: Hi, We're using Apache 2.2.15, with mod_proxy_http for proxying requests to bac= kend processes. Here's the relevant configuration we use: That is not valid syntax for ProxyMatch, which requires a regular expressio= n. Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch f= or details. ProxySet smax=3D5 max=3D20 ttl=3D120 keepalive=3DOn Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we s= ee Apache returning 200 to the client (just changed the URL): 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1= " 200 - 300515625 No way to know that the proxy is being hit. Is that the expected behavior? I would expect an error code, maybe 504. Thanks, Moshe Ben Shoham Perfecto Mobile The information contained in this message is proprietary to the sender, pro= tected from disclosure, and may be privileged. The information is intended = to be conveyed only to the designated recipient(s) of the message. If the r= eader of this message is not the intended recipient, you are hereby notifie= d that any dissemination, use, distribution or copying of this communicatio= n is strictly prohibited and may be unlawful. If you have received this com= munication in error, please notify us immediately by replying to the messag= e and deleting it from your computer. Thank you. You are posting to a public archived mailing list. -- J. The information contained in this message is proprietary to the sender, pro= tected from disclosure, and may be privileged. The information is intended = to be conveyed only to the designated recipient(s) of the message. If the r= eader of this message is not the intended recipient, you are hereby notifie= d that any dissemination, use, distribution or copying of this communicatio= n is strictly prohibited and may be unlawful. If you have received this com= munication in error, please notify us immediately by replying to the messag= e and deleting it from your computer. Thank you. -- J. The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. --_000_52CAD106C0AD164C9646DEC80D96E65D07A74782Godzillanexperi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

But this is not the ca= se – the request was perfectly OK, just took the backend server too l= ong to handle (note that I am less worried about bogus requests because thi= s Apache is behind firewall and only serves requests coming from another component in the system, which is under our c= ontrol).

 

I would like to focus = on my original question: Why did Apache return 200 to the client in case of= proxy timeout?

 

Thanks,

Moshe

 

From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
Sent: Wednesday, June 15, 2011 10:19 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache returns 200 to client in case of p= roxy timeout

 

On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote:

Hi,<= /p>

 

Thanks for the comment= about the ProxyMatch syntax. I will look into it, although it works.

 

Regarding the proxy hi= t, I know for sure that the request should be proxied because is usually do= es. It matches the following rewrite rule (again, URL was changed):<= o:p>

 

  RewriteRule  ^/x/y(.*)&nbs= p; http://localhost:9003$1  =          [P]

 

In addition, every tim= e the timeout occurs, I see the following message in the Apache error log, = exactly 300 seconds after the request arrives:

 

[Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.= 11] (OS 10060)A connection attempt failed because the connected party did n= ot properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: e= rror reading status line from remote server localhost



It means what it says.

Your rule allows bogus constructions like http://localhost:9003002001/foobar/.

ALWAYS include slashes at ambiguous locations!



 

Thanks,

Moshe Ben Shoham

Perfecto Mobile

 

From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
Sent: Wednesday, June 15, 2011 10:18 AM
To: users@httpd.apache.org=
Subject: Re: [users@httpd] Apache returns 200 to client in case of p= roxy timeout

 

On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote:

Hi,

 

We’re using Apache 2.2.15, with mod_proxy_http= for proxying requests to backend processes.

 

Here’s the relevant configuration we use:=

 

  <ProxyMatch  http://localhost:9001>=


That is not valid syntax for ProxyMatch, which requires a regular expressio= n.
Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for deta= ils.


    ProxySet smax=3D5 max=3D20 ttl=3D120 ke= epalive=3DOn

  </ProxyMatch>

 

Hence, the value of “timeout” is 300 sec= onds. When the timeout occurs, we see Apache returning 200 to the client (j= ust changed the URL):

 

1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] = "POST /x/y/z HTTP/1.1" 200 - 300515625



No way to know that the proxy is being hit.




 

Is that the expected behavior? I would expect an err= or code, maybe 504.

 

Thanks,

Moshe Ben Shoham

Perfecto Mobile

 



The information contained in this message is proprietary to the sender, pro= tected from disclosure, and may be privileged. The information is intended = to be conveyed only to the designated recipient(s) of the message. If the r= eader of this message is not the intended recipient, you are hereby notified that any dissemination, use, d= istribution or copying of this communication is strictly prohibited and may= be unlawful. If you have received this communication in error, please noti= fy us immediately by replying to the message and deleting it from your computer. Thank you.



You are posting to a public archived mailing list.




-- 
J.



The information contained in this message is proprietary to the sender, pro= tected from disclosure, and may be privileged. The information is intended = to be conveyed only to the designated recipient(s) of the message. If the r= eader of this message is not the intended recipient, you are hereby notified that any dissemination, use, d= istribution or copying of this communication is strictly prohibited and may= be unlawful. If you have received this communication in error, please noti= fy us immediately by replying to the message and deleting it from your computer. Thank you.




-- 
J.


The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
--_000_52CAD106C0AD164C9646DEC80D96E65D07A74782Godzillanexperi_--