httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Blomme Dieter <>
Subject Re: [users@httpd] Problem with mod_proxy and chunked content
Date Wed, 03 Dec 2014 09:42:58 GMT

Thanks everybody for the input. We traced the problem further, and apparently, the problem
lies in the F5 load balancer, which does not handle responses with chunked encoding correctly
when chunking is set to selective there. When we set response chunking to unchunk, everything
seems fixed.

We have to investigate the change in policy further, but it seems Apache did nothing wrong.
The command from Frederik helped us trace this further, so thanks a lot for this!

have a great week.


On 18 Nov 2014, at 13:17, Jeff Trawick <<>>

On Mon, Nov 17, 2014 at 4:50 AM, Blomme Dieter <<>>
We have fixed this problem temporarily. What I've noticed is that the header isn't there and
inserting it (e.g. with burp or fiddler), fixes the problem. I've then tried to insert the
header in the vhost that acts as a proxy, but the header didn't appear. I think that mod_proxy
strips that header as the last part of the request.

I don't know if this was mentioned before:

In the original message you showed, the content was chunked but the response had a content-length
header.  If a proxy received a response from upstream with both a transfer-encoding and content-length,
it *must* strip one.  (Having different components choose a different message boundary mechanism
to respect enables certain attacks.)

I guess this means that it was bad coming out of the backend httpd+PHP?

We've now fixed the problem by making sure our load balancer enforces http 1.0 for the requests
that were problematic. Later on we'll take another look at this problem when we have more

Thans Stefan for the hint! ;)

kind regards,

On 13 Nov 2014, at 19:08, Blomme Dieter <<>>

> Yes, but I thought that if that header is missing, it should still check if the data
is chunked, is that incorrect?
>> On 13 Nov 2014, at 18:52, Stefan Magnus Landrø <<>>
>> The transfer encoding header is missing, right?
>> Sendt fra min iPhone
>>> Den 13. nov. 2014 kl. 18.13 skrev Blomme Dieter <<>>:
>>> Hi,
>>> We have a problem with mod_proxy and chunked content.
>>> We use mod_proxy to selectively request pages from a second site, the ProxyPass
and ProxyPassReverse statements are in the vhost file. Nearly all requests are OK, Except
for one type of request which can't be handled properly. We use SAML SSO and upon logging
out, the response from a simplesaml service provider is not correct. It is chunked, but is
not parseable. The problem is the chunk part within the SAML Response. This is also visible
in the response (see below). I have googled this and searched Apache's bugzilla, but there
is no solution I've tried that works.
>>> Not forcing http1.0, sendcl, ...
>>> Can anybody please help with this issue?
>>> Thanks very much in advance!
>>> HTTP/1.1 200 OK
>>> Date: Thu, 13 Nov 2014 16:23:02 GMT
>>> Server: Apache/2.2.15 (Red Hat)
>>> X-Powered-By: PHP/5.3.3
>>> X-Robots-Tag: noindex,noarchive
>>> Content-Type: text/html; charset=UTF-8
>>> X-Robots-Tag: noindex,noarchive
>>> Keep-Alive: timeout=5, max=100
>>> Connection: Keep-Alive
>>> Vary: Accept-Encoding
>>> Content-Length: 7460
>>> 132
>>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>>>      "">
>>> <html xmlns="" xml:lang="en" lang="en">
>>> <head>
>>>  <meta http-equiv="content-type" content="text/html; charset=utf-8" /><script
>>> 36d
>>> window.NREUM||(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var
o=e[n]={exports:{}};t[n][0].call(o.exports,function(e){var o=t[n][1][e];return r(o?o:e)},o,o.exports)}return
e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o++)r(n[o]);return
r}({QJf3ax:[function(t,e){function n(t){function e(e,n,a){t&&t(e,n,a),a||(a={});for(var
c=u(e),f=c.length,s=i(a,o,r),p=0;f>p;p++)c[p].apply(s,n);return s}function a(t,e){f[t]=u(t).concat(e)}function
u(t){return f[t]||[]}function c(){return n(e)}var f={};return{on:a,emit:e,create:c,listeners:u,_events:f}}function
r(){return{}}var o="nr@context",i=t("gos");e.exports=n()},{gos:"7eSDFh"}],ee:[function(t,e){e.exports=t("QJf3ax")},{}],gos:[function(t,e){e.exports=t("7eSDFh")},{}],"7eSDFh":[function(t,e){function
n(t,e,n){if(,e))return t[e];var o=n();if(Object.definePr
>>> 5a8
>>> operty&&Object.keys)try{return Object.defineProperty(t,e,{value:o,writable:!0,enumerable:!1}),o}catch(i){}return
t[e]=o,o}var r=Object.prototype.hasOwnProperty;e.exports=n},{}],D5DuLP:[function(t,e){function
n(t,e,n){return r.listeners(t).length?r.emit(t,e,n):(o[t]||(o[t]=[]),void o[t].push(e))}var
n(t){var e=typeof t;return!t||"object"!==e&&"function"!==e?-1:t===window?0:i(t,o,function(){return
r++})}var r=1,o="nr@id",i=t("gos");e.exports=n},{gos:"7eSDFh"}],id:[function(t,e){e.exports=t("XL7HBI")},{}],loader:[function(t,e){e.exports=t("G9z0Bl")},{}],G9z0Bl:[function(t,e){function
e=c.createElement("script");e.src=l.proto+t.agent,c.body.appendChild(e)}}function r(){"complete"===c.readyState&&o()}function
o(){a("mark",["domContent",i()])}function i(){return(new Date).getTime()}var a=t("handle"),u=window,c=u.document,f="addEventListener",s="attachEvent",p=(""+location).split("?")[0],l=e.exports={offset:i(),origin:p,features:{}};c[f]?(c[f]("DOMContentLoaded",o,!1),u[f]("load",n,!1)):(c[s]("onreadystatechange",r),u[s]("onload",n)),a("mark",["firstbyte",i()])},{handle:"D5DuLP"}]},{},["G9z0Bl"]);</script>
>>>  <t
>>> 27c
>>> itle>POST data</title>
>>> </head>
>>> <body onload="document.getElementsByTagName('input')[0].click();">
>>>  <noscript>
>>>      <p><strong>Note:</strong> Since your browser does not
support JavaScript, you must press the button below once to proceed.</p>
>>>  </noscript>
>>>  <form method="post" action="">
>>>  <!-- Need to add this element and call click method, because calling submit()
>>>  on the form causes failed submission if the form has another element with name
or id of submit.
>>>  See: -->
>>>  <input type="submit" style="display:none;" />
>>> 8d4
>>> <input type="hidden" name="SAMLResponse" value="
>>> <<<First part of samlresponse>>>>
>>> 75e
>>> <<<Second part of samlresponse>>>>
>>> " />
>>>      <noscript>
>>>          <input type="submit" value="Submit" />
>>>      </noscript>
>>>  </form>
>>> <<<<removed content>>>>>
>>> 0
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:<>
>>> For additional commands, e-mail:<>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:<>
>> For additional commands, e-mail:<>
 K[XZ[ � \�\��][��X��ܚX�P      �\ X� K�ܙ�B��܈ Y  ] [ۘ[ 
��[X[� �  K[XZ[ � \�\��Z [        �\ X� K�ܙ�B

Born in Roswell... married an alien...

To unsubscribe, e-mail:
For additional commands, e-mail:
View raw message