You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Moshe Ben-Shoham <mo...@perfectomobile.com> on 2011/06/15 09:32:06 UTC
RE: [users@httpd] Apache returns 200 to client in case of proxy
timeout
Hi,
Thanks for the comment about the ProxyMatch syntax. I will look into it, although it works.
Regarding the proxy hit, I know for sure that the request should be proxied because is usually does. It matches the following rewrite rule (again, URL was changed):
RewriteRule ^/x/y(.*) http://localhost:9003$1 [P]
In addition, every time the timeout occurs, I see the following message in the Apache error log, exactly 300 seconds after the request arrives:
[Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: error reading status line from remote server localhost
Thanks,
Moshe Ben Shoham
Perfecto Mobile
From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
Sent: Wednesday, June 15, 2011 10:18 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote:
Hi,
We're using Apache 2.2.15, with mod_proxy_http for proxying requests to backend processes.
Here's the relevant configuration we use:
<ProxyMatch http://localhost:9001>
That is not valid syntax for ProxyMatch, which requires a regular expression.
Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for details.
ProxySet smax=5 max=20 ttl=120 keepalive=On
</ProxyMatch>
Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we see Apache returning 200 to the client (just changed the URL):
1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" 200 - 300515625
No way to know that the proxy is being hit.
Is that the expected behavior? I would expect an error code, maybe 504.
Thanks,
Moshe Ben Shoham
Perfecto Mobile
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
You are posting to a public archived mailing list.
--
J.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
Re: [users@httpd] Apache returns 200 to client in case of proxytimeout
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.06.2011 21:57, Rainer Jung wrote:
> On 16.06.2011 08:35, Moshe Ben-Shoham wrote:
>> But this is not the case - the request was perfectly OK, just took the backend server too long to handle (note that I am less worried about bogus requests because this Apache is behind firewall and only serves requests coming from another component in the system, which is under our control).
>>
>> I would like to focus on my original question: Why did Apache return 200 to the client in case of proxy timeout?
>
> It could be because of CVE-2010-2068, which was fixed in 2.2.16. Please
> try again with 2.2.latest.
Forgot to ask: what's your platform? Windows?
> You should also fix your configuration before restesting. Read the most
> recent online docs about workers in mod_proxy carefully.
>
> I expect that your ProxySet seetings are not functional the way you
> configured them.
>
> Regards,
>
> Rainer
>
>> From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
>> Sent: Wednesday, June 15, 2011 10:19 PM
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
>>
>> On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote:
>> Hi,
>>
>> Thanks for the comment about the ProxyMatch syntax. I will look into it, although it works.
>>
>> Regarding the proxy hit, I know for sure that the request should be proxied because is usually does. It matches the following rewrite rule (again, URL was changed):
>>
>> RewriteRule ^/x/y(.*) http://localhost:9003$1 [P]
>>
>> In addition, every time the timeout occurs, I see the following message in the Apache error log, exactly 300 seconds after the request arrives:
>>
>> [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: error reading status line from remote server localhost
>>
>>
>> It means what it says.
>>
>> Your rule allows bogus constructions like http://localhost:9003002001/foobar/.
>>
>> ALWAYS include slashes at ambiguous locations!
>>
>>
>>
>>
>> Thanks,
>> Moshe Ben Shoham
>> Perfecto Mobile
>>
>> From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
>> Sent: Wednesday, June 15, 2011 10:18 AM
>> To: users@httpd.apache.org<ma...@httpd.apache.org>
>> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
>>
>> On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote:
>> Hi,
>>
>> We're using Apache 2.2.15, with mod_proxy_http for proxying requests to backend processes.
>>
>> Here's the relevant configuration we use:
>>
>> <ProxyMatch http://localhost:9001>
>>
>> That is not valid syntax for ProxyMatch, which requires a regular expression.
>> Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for details.
>>
>>
>> ProxySet smax=5 max=20 ttl=120 keepalive=On
>> </ProxyMatch>
>>
>> Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we see Apache returning 200 to the client (just changed the URL):
>>
>> 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" 200 - 300515625
>>
>>
>> No way to know that the proxy is being hit.
>>
>>
>>
>>
>>
>> Is that the expected behavior? I would expect an error code, maybe 504.
>>
>> Thanks,
>> Moshe Ben Shoham
>> Perfecto Mobile
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache returns 200 to client in case of proxytimeout
Posted by Rainer Jung <ra...@kippdata.de>.
On 16.06.2011 08:35, Moshe Ben-Shoham wrote:
> But this is not the case - the request was perfectly OK, just took the backend server too long to handle (note that I am less worried about bogus requests because this Apache is behind firewall and only serves requests coming from another component in the system, which is under our control).
>
> I would like to focus on my original question: Why did Apache return 200 to the client in case of proxy timeout?
It could be because of CVE-2010-2068, which was fixed in 2.2.16. Please
try again with 2.2.latest.
You should also fix your configuration before restesting. Read the most
recent online docs about workers in mod_proxy carefully.
I expect that your ProxySet seetings are not functional the way you
configured them.
Regards,
Rainer
> From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
> Sent: Wednesday, June 15, 2011 10:19 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
>
> On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote:
> Hi,
>
> Thanks for the comment about the ProxyMatch syntax. I will look into it, although it works.
>
> Regarding the proxy hit, I know for sure that the request should be proxied because is usually does. It matches the following rewrite rule (again, URL was changed):
>
> RewriteRule ^/x/y(.*) http://localhost:9003$1 [P]
>
> In addition, every time the timeout occurs, I see the following message in the Apache error log, exactly 300 seconds after the request arrives:
>
> [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: error reading status line from remote server localhost
>
>
> It means what it says.
>
> Your rule allows bogus constructions like http://localhost:9003002001/foobar/.
>
> ALWAYS include slashes at ambiguous locations!
>
>
>
>
> Thanks,
> Moshe Ben Shoham
> Perfecto Mobile
>
> From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
> Sent: Wednesday, June 15, 2011 10:18 AM
> To: users@httpd.apache.org<ma...@httpd.apache.org>
> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
>
> On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote:
> Hi,
>
> We're using Apache 2.2.15, with mod_proxy_http for proxying requests to backend processes.
>
> Here's the relevant configuration we use:
>
> <ProxyMatch http://localhost:9001>
>
> That is not valid syntax for ProxyMatch, which requires a regular expression.
> Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for details.
>
>
> ProxySet smax=5 max=20 ttl=120 keepalive=On
> </ProxyMatch>
>
> Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we see Apache returning 200 to the client (just changed the URL):
>
> 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" 200 - 300515625
>
>
> No way to know that the proxy is being hit.
>
>
>
>
>
> Is that the expected behavior? I would expect an error code, maybe 504.
>
> Thanks,
> Moshe Ben Shoham
> Perfecto Mobile
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Apache returns 200 to client in case of proxy
timeout
Posted by Moshe Ben-Shoham <mo...@perfectomobile.com>.
But this is not the case - the request was perfectly OK, just took the backend server too long to handle (note that I am less worried about bogus requests because this Apache is behind firewall and only serves requests coming from another component in the system, which is under our control).
I would like to focus on my original question: Why did Apache return 200 to the client in case of proxy timeout?
Thanks,
Moshe
From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
Sent: Wednesday, June 15, 2011 10:19 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote:
Hi,
Thanks for the comment about the ProxyMatch syntax. I will look into it, although it works.
Regarding the proxy hit, I know for sure that the request should be proxied because is usually does. It matches the following rewrite rule (again, URL was changed):
RewriteRule ^/x/y(.*) http://localhost:9003$1 [P]
In addition, every time the timeout occurs, I see the following message in the Apache error log, exactly 300 seconds after the request arrives:
[Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: error reading status line from remote server localhost
It means what it says.
Your rule allows bogus constructions like http://localhost:9003002001/foobar/.
ALWAYS include slashes at ambiguous locations!
Thanks,
Moshe Ben Shoham
Perfecto Mobile
From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
Sent: Wednesday, June 15, 2011 10:18 AM
To: users@httpd.apache.org<ma...@httpd.apache.org>
Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote:
Hi,
We're using Apache 2.2.15, with mod_proxy_http for proxying requests to backend processes.
Here's the relevant configuration we use:
<ProxyMatch http://localhost:9001>
That is not valid syntax for ProxyMatch, which requires a regular expression.
Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for details.
ProxySet smax=5 max=20 ttl=120 keepalive=On
</ProxyMatch>
Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we see Apache returning 200 to the client (just changed the URL):
1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" 200 - 300515625
No way to know that the proxy is being hit.
Is that the expected behavior? I would expect an error code, maybe 504.
Thanks,
Moshe Ben Shoham
Perfecto Mobile
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
You are posting to a public archived mailing list.
--
J.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
--
J.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
Re: [users@httpd] Apache returns 200 to client in case of proxy timeout
Posted by Jeroen Geilman <je...@adaptr.nl>.
On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote:
>
> Hi,
>
> Thanks for the comment about the ProxyMatch syntax. I will look into
> it, although it works.
>
> Regarding the proxy hit, I know for sure that the request should be
> proxied because is usually does. It matches the following rewrite rule
> (again, URL was changed):
>
> RewriteRule ^/x/y(.*) http://localhost:9003$1 [P]
>
> In addition, every time the timeout occurs, I see the following
> message in the Apache error log, exactly 300 seconds after the request
> arrives:
>
> [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A
> connection attempt failed because the connected party did not properly
> respond after a period of time, or established connection failed
> because connected host has failed to respond. : proxy: error reading
> status line from remote server localhost
>
It means what it says.
Your rule allows bogus constructions like
http://localhost:9003002001/foobar/.
ALWAYS include slashes at ambiguous locations!
> Thanks,
>
> Moshe Ben Shoham
>
> Perfecto Mobile
>
> *From:*Jeroen Geilman [mailto:jeroen@adaptr.nl]
> *Sent:* Wednesday, June 15, 2011 10:18 AM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Apache returns 200 to client in case of
> proxy timeout
>
> On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote:
>
> Hi,
>
> We're using Apache 2.2.15, with mod_proxy_http for proxying requests
> to backend processes.
>
> Here's the relevant configuration we use:
>
> <ProxyMatch http://localhost:9001>
>
>
> That is not valid syntax for ProxyMatch, which requires a regular
> expression.
> Please see
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for
> details.
>
> ProxySet smax=5 max=20 ttl=120 keepalive=On
>
> </ProxyMatch>
>
> Hence, the value of "timeout" is 300 seconds. When the timeout occurs,
> we see Apache returning 200 to the client (just changed the URL):
>
> 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z
> HTTP/1.1" 200 - 300515625
>
>
>
> No way to know that the proxy is being hit.
>
>
>
> Is that the expected behavior? I would expect an error code, maybe 504.
>
> Thanks,
>
> Moshe Ben Shoham
>
> Perfecto Mobile
>
>
>
> The information contained in this message is proprietary to the
> sender, protected from disclosure, and may be privileged. The
> information is intended to be conveyed only to the designated
> recipient(s) of the message. If the reader of this message is not the
> intended recipient, you are hereby notified that any dissemination,
> use, distribution or copying of this communication is strictly
> prohibited and may be unlawful. If you have received this
> communication in error, please notify us immediately by replying to
> the message and deleting it from your computer. Thank you.
>
>
>
> You are posting to a public archived mailing list.
>
>
>
> --
> J.
>
>
> The information contained in this message is proprietary to the
> sender, protected from disclosure, and may be privileged. The
> information is intended to be conveyed only to the designated
> recipient(s) of the message. If the reader of this message is not the
> intended recipient, you are hereby notified that any dissemination,
> use, distribution or copying of this communication is strictly
> prohibited and may be unlawful. If you have received this
> communication in error, please notify us immediately by replying to
> the message and deleting it from your computer. Thank you.
--
J.