You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/08/28 08:53:22 UTC
[Bug 61464] New: mod_authnz_fcgi uses a hard-coded value of 30 sec
as the socket io timeout value
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
Bug ID: 61464
Summary: mod_authnz_fcgi uses a hard-coded value of 30 sec as
the socket io timeout value
Product: Apache httpd-2
Version: 2.4.16
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: farhaan.syed@gmail.com
Target Milestone: ---
- mod_authnz_fcgi uses a hard-coded 30 sec value as the socket IO timeout value
to write to and read from a back end FCGI Authorizer application.
- While this timeout value seems sufficient, in certain cases it may not be.
- Further, instead of hard-coding this parameter, a user should have an option
to be able to configure a suitable timeout of his choice.
- If none is specified, a certain default timeout (like the request timeout of
connection timeout) needs to be used.
Steps-to-repro:
1. Sample FCGI Authorizer application which can be started with fcgistarter:
fcgistarter -c <fcgi app name> -p 5555 -i 127.0.0.1 -N 1
(Refer to the fcgistarter documentation)
2. Note that in the above app, a sleep of 32 secs (any value greater than 30
sec) needs to be induced to repro the issue.
3. Configure the mod_authnz_fcgi module in httpd.conf:
LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so
Actual results:
The httpd daemon returns an HTTP 503 Service Unavailable status code back to
the client after 30 secs. However, in the back end, the authentication was
handled (success or failure).
Expected results:
- The status code as returned from the FCGI application after authentication.
- Or, HTTP 503 service unavailable if the configured timeout elapses.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the
socket io timeout value
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|All |mod_authnz_fcgi
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the
socket io timeout value
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
farhanz <fa...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |farhaan.syed@gmail.com
--- Comment #1 from farhanz <fa...@gmail.com> ---
Created attachment 35263
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35263&action=edit
An optional configurable socket io timeout parameter patch file for
mod_authnz_fcgi
An optional configurable socket IO timeout parameter patch file for
mod_authnz_fcgi.
This patch could be used for extending the AuthnzFcgiDefineProvider directive
to include an optional socket io timeout parameter. For e.g.:
AuthnzFcgiDefineProvider AuthnzFcgiDefineProvider authnz my-fcgi-app
fcgi://127.0.0.1:5555/ timeout=60
The above line sets the socket IO timeout to 60 secs.
If no timeout is specified, then the standard HTTP request timeout applies.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the
socket io timeout value
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
--- Comment #2 from farhanz <fa...@gmail.com> ---
Created attachment 35264
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35264&action=edit
Use the request timeout directive value as the socket IO timeout value
Approach 2:
Utilise the HTTP request TimeOut directive value as the socket IO timeout
instead of the current hard-coded value of 30 secs.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the
socket io timeout value
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
--- Comment #3 from canzara07@gmail.com ---
I can't seem to work it on SSL site.
my site is https://substarinc.com
Any suggestions?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the
socket io timeout value
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |PatchAvailable
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org