You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/04/03 09:07:14 UTC
DO NOT REPLY [Bug 7708] New: -
mod_proxy invalid HTTP version translation
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7708>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7708
mod_proxy invalid HTTP version translation
Summary: mod_proxy invalid HTTP version translation
Product: Apache httpd-1.3
Version: 1.3.24
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: mod_proxy
AssignedTo: bugs@httpd.apache.org
ReportedBy: fenn_b@smktech.com.au
This is a correction of a previous apparent bug lodged by myself that was
causing invalid "Continue 100" responses.
It turns out that mod_proxy 1.3.24 is upgrading HTTP/1.0 POST requests to
HTTP/1.1 without downgrading in the reply. See below:
Request sent by client to proxy/frontend:
-------------------------------------------
POST /login.asp HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-
excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-au
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
Content-Length: 34
Pragma: no-cache
Host: my.hostname.com
Cache-Control: max-age=1329600
Connection: keep-alive
username=xxxxxxx&password=xxxxxxxx
-------------------------------------------
Passed by mod_proxy (1.3.23) - Works fine, normal HTTP response:
-------------------------------------------
POST /login.asp HTTP/1.0
Host: my.hostname.com.internal
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-
excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-au
Cache-Control: max-age=1329600
Content-Length: 34
Content-Type: application/x-www-form-urlencoded
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
X-Forwarded-For: 210.23.128.130
Connection: close
username=xxxxxxx&password=xxxxxxxx
-------------------------------------------
HTTP request passed by mod_proxy (1.3.24) - Causes a Continue 100 with IIS:
-------------------------------------------
POST /login.asp HTTP/1.1
Host: my.hostname.com.internal
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-
excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-au
Cache-Control: max-age=1329600
Content-Length: 34
Content-Type: application/x-www-form-urlencoded
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
X-Forwarded-For: 210.23.128.130
Connection: close
username=xxxxxxx&password=xxxxxxxx
-------------------------------------------
As far as I can see, this breaks HTTP/1.1 RFC:
-----
3.1 HTTP Version
Proxy and gateway applications need to be careful when forwarding
messages in protocol versions different from that of the application.
Since the protocol version indicates the protocol capability of the
sender, a proxy/gateway MUST NOT send a message with a version
indicator which is greater than its actual version. If a higher
version request is received, the proxy/gateway MUST either downgrade
the request version, or respond with an error, or switch to tunnel
behavior.
-----
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org