You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rainer Jung <ra...@kippdata.de> on 2022/09/28 13:33:16 UTC
mod_proxy_http2 setting Transfer-Encoding chunked for a GET request
Hi all,
today I stumbled into an unexpected request denial by a rule in the
mod_security Core Rule Set 3. It denies requests without body, that have
Transfer-Encoding chunked set.
When I send a normal GET request, without body, no Transfer-Encoding and
no Content-Length, to httpd and proxy it via mod_proxy_http2 to the same
server, the proxied request gets "Transfer-Encoding: chunked" added by
mod_proxy_http2 and is then denied by mod_security on the receiving
side. No such addition when using mod_proxy_http.
It seems to me, that "Transfer-Encoding: chunked" is not allowed for
http/2 (due to its always streaming behavior), and at least it is
unexpected for a GET or HEAD request.
Any chance we can get rid of it when proxying a request, that has no
body and doesn't bring the header by its own?
Should I open a PR in our bugzilla, or on the mod_h2 Github repos?
Thanks and best regards,
Rainer
Re: mod_proxy_http2 setting Transfer-Encoding chunked for a GET request
Posted by Rainer Jung <ra...@kippdata.de>.
Hi Stefan,
the PR is:
https://bz.apache.org/bugzilla/show_bug.cgi?id=66282
Let me know, in case you can not reproduce it, or I should test something!
Best regards,
Rainer
Re: mod_proxy_http2 setting Transfer-Encoding chunked for a GET request
Posted by Stefan Eissing via dev <de...@httpd.apache.org>.
Hi Rainer,
> Am 28.09.2022 um 15:33 schrieb Rainer Jung <ra...@kippdata.de>:
>
> Hi all,
>
> today I stumbled into an unexpected request denial by a rule in the mod_security Core Rule Set 3. It denies requests without body, that have Transfer-Encoding chunked set.
>
> When I send a normal GET request, without body, no Transfer-Encoding and no Content-Length, to httpd and proxy it via mod_proxy_http2 to the same server, the proxied request gets "Transfer-Encoding: chunked" added by mod_proxy_http2 and is then denied by mod_security on the receiving side. No such addition when using mod_proxy_http.
>
> It seems to me, that "Transfer-Encoding: chunked" is not allowed for http/2 (due to its always streaming behavior), and at least it is unexpected for a GET or HEAD request.
>
> Any chance we can get rid of it when proxying a request, that has no body and doesn't bring the header by its own?
>
> Should I open a PR in our bugzilla, or on the mod_h2 Github repos?
bugzilla seems good. this might affect more than http2.
We'll see what exactly happens. I suspect it is not mod_proxy_http2, but mod_http2 that adds "chunked" when the EOS of an incoming request has not been received yet and the request is started. If it has no content-length, mod_http2 must chunk the possibly still incoming request body.
This is in 2.4.x. In trunk we changed the filters to no longer require that.
>
> Thanks and best regards,
>
> Rainer