httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Liwei <xieli...@gmail.com>
Subject Re: [users@httpd] Handling 413 Errors with ProxyPass
Date Mon, 01 May 2017 11:17:52 GMT
Hi Nick, replies inline...

On Mon, 1 May 2017 at 18:14 Nick Kew <niq@apache.org> wrote:

> On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote:
> > Hi list,
> >     I'm seeing an unexpected behaviour when a 413 Request Entity Too
> > Large error occurs on a site proxied with Apache 2.4.25. There is an
> > ErrorDocument configured for this error but it does not show up as
> > (from the error page itself):
> >     "Additionally, a 413 Request Entity Too Large error was
> > encountered while trying to use an ErrorDocument to handle the
> > request."
>
> I'm not clear on the division of responsibilities between
> your proxy and backend here.  Is this Apache as proxy generating
> a recursive error?  Is it the proxy or the backend that's rejecting
> the request (and thus generating a 413) in the first place?
> Is the 413 being generated due to a Content-Length header, or
> actual request data, or something else?  Is there an
> Expect ... 100 Continue negotaition anywhere there?
>

Ah yes, not sure why I left out this crucial bit of information.

Apache is acting as a proxy with mod_security being used to limit the
maximum request sizes. The backend processes user uploads, and once in a
while, someone tries to upload something larger than normal. Instead of
rejecting the file on the different backends, we've decided to put the
rejection on the proxy using mod_security:

    SecRequestBodyLimit 10240000
    SecRequestBodyNoFilesLimit 102400
    SecRequestBodyLimitAction Reject

So Apache is the one generating the 413, but we have a specific error
document on the backend that's shown to the user when the 413 error occurs:

    (This is still a configuration line from the Apache proxy)
    ErrorDocument 413 /ErrFileTooLarge

I assume mod_security does the size limit enforcement by both inspecting
the Content-Length header and the actual data.


>
> >     I do see the error page being requested on the proxied site by
> > Apache, but Apache does not show it.
>
> What do you mean by an error page being requested?
>
> >     Is this expected or unexpected behavior?
>
> No.  That "Additionally ..." is fallback if normal processing fails.
>
> Can't be sure, but I suspect you've found a bug (the alternative
> is a configuration error).  If you can come up with a test case
> to reproduce the behaviour, an entry in Bugzilla would be in order.
>

I would have expected Apache to still deliver the configured ErrorDocument
for a 413 error that mod_security/apache generates, but not sure if it is a
configuration problem or it has specifically been designed to behave that
way. Thought I'd confirm with the list first before opening an issue.


>
> --
> Nick Kew
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message