[Bug 413449] [NEW] mod_proxy_http violates RFC and common sense

Ivo Timmermans ivo at lychnis.net
Fri Aug 14 09:00:01 BST 2009


Public bug reported:

Binary package hint: apache2

If I send a request containing the header "Expect: 100-continue" to a
location that is directed to a backend HTTP server using mod_proxy_http,
then the following happens:

The client sends the request:

   PUT /some/path/somewhere HTTP/1.1
   Expect: 100-continue
   ...

Then apache will respond with 100 Continue even though it hasn't even
contacted the backend server yet.

   100 Continue

Fine, the client will start sending the body now, because apache asked it to.
Meanwhile, apache will start contacting the backend server, using the Expect header:

   PUT /some/path HTTP/1.1
   Expect: 100-continue
   ...
   X-Forwarded-For: and so on

Okay, the server now assumes there will be no body yet because of the
Expect-header, and starts processing the request.

Then, unexpectedly, apache will continue sending the body, even though
the server hasn't done anything yet.  Now, if the server doesn't respond
with "100 Continue", but, for example, with "401 Unauthorized", then the
body will be interpreted as the next request.  Apache however ignores
any response from the server until it's done sending the body, at which
point the server has been sending "400 Bad request" messages so fast
that now both sides of the conversation are thoroughly confused and
apache doesn't even bother to send a meaningful response to the client;
all connections are eventually closed.

Arguably the confused state is partly caused by the backend server not
closing the request after the "400" errors, but it *is* caused by apache
misunderstanding the meaning of "Expect: 100-continue".

This is the apache configuration snipped used in this experiment:

	<Location /some/path/>
		ProxyPass http://localhost:1234/path/
		ProxyPassReverse http://localhost:1234/path/
		Order allow,deny
		Allow from all
		Deny from none
		SetEnv proxy-interim-response RFC
		SetEnv proxy-sendchunked 1
	</Location>

And FYI, this is the start of the actual, captured request from the
client:

    PUT /kmx/pavis2.3/upload/ecc022ad63f16b27bff57bfc9cfa3f7bd2085dba HTTP/1.1
    Host: localhost
    Accept-Encoding: identity
    User-Agent: Treparel KMX Patent Analytics suite/2.2.90
    Content-Type: application/ms-excel; filename="%2Fhome%2Fivo%2Fsvn.etc.xls"
    Transfer-Encoding: chunked
    Expect: 100-continue

Response from apache:

    HTTP/1.1 100 Continue

Body sent by the client:

    19000
    (and so on, using chunked encoding).

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 9.04
Package: apache2.2-common 2.2.11-2ubuntu2.2
ProcEnviron:
 SHELL=/bin/zsh
 PATH=(custom, user)
 LC_COLLATE=C
 LANG=nl_NL.UTF-8
 LC_CTYPE=nl_NL.UTF-8
SourcePackage: apache2
Uname: Linux 2.6.28-14-generic x86_64

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug

-- 
mod_proxy_http violates RFC and common sense
https://bugs.launchpad.net/bugs/413449
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.



More information about the Ubuntu-server-bugs mailing list