Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/06/10 12:03:56 UTC

[Bug 65370] New: "not Websocket" loglevel too low or wrong response code

https://bz.apache.org/bugzilla/show_bug.cgi?id=65370

            Bug ID: 65370
           Summary: "not Websocket" loglevel too low or wrong response
                    code
           Product: Apache httpd-2
           Version: 2.4.38
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: mod_proxy_wstunnel
          Assignee: bugs@httpd.apache.org
          Reporter: baumgartnerniels@gmail.com
  Target Milestone: ---

When a non-WebSocket connection is made to a WebSocket endpoint, Apache returns
error 500. The cause of this only shows up in debug loglevel. In my opinion, a
500 response (aka internal server ERROR) should not log to debug, but to a
higher level, e.g. warn.

Example Log.

[2021-06-10 12:28:52.369642] [proxy_http:debug] 77.58.167.134:34602
YMHpZDtBmWovu2H73X2mGwAACQA AH01113: HTTP: declining URL
ws://10.252.161.101:17001/signalr/negotiate?enc_auth_token=XXX
[2021-06-10 12:28:52.369665] [proxy_wstunnel:debug] 77.58.167.134:34602
YMHpZDtBmWovu2H73X2mGwAACQA AH02900: declining URL
ws://10.252.161.101:17001/signalr/negotiate?enc_auth_token=XXX  (not WebSocket,
Upgrade: header is missing)

Alternatively, a 400 Bad Request could be returned, as per RFC 6455.

4.2.1.  Reading the Client's Opening Handshake

   When a client starts a WebSocket connection, it sends its part of the
   opening handshake.  The server must parse at least part of this
   handshake in order to obtain the necessary information to generate
   the server part of the handshake.

   The client's opening handshake consists of the following parts.  If
   the server, while reading the handshake, finds that the client did
   not send a handshake that matches the description below (note that as
   per [RFC2616], the order of the header fields is not important),
   including but not limited to any violations of the ABNF grammar
   specified for the components of the handshake, the server MUST stop
   processing the client's handshake and return an HTTP response with an
   appropriate error code (such as 400 Bad Request).

Even then, I think debug would be too low for logging this.

What do you think about this?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
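
The check described in the RFC 6455 section 4.2.1 text quoted in the report above, as an added example; it is not part of the original message and is not httpd or mod_proxy_wstunnel code. The function names, the sample headers and the host example.test are constructed for illustration, and the 426 answer for an unsupported version follows RFC 6455 section 4.2.2.

```python
import base64


def _tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def check_opening_handshake(method, http_version, headers):
    """Return (status, reason): 101 if acceptable, else the rejection code."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    if method != "GET" or http_version < (1, 1):
        return 400, "not an HTTP/1.1 or higher GET request"
    if not h.get("host"):
        return 400, "Host header is missing"
    if "upgrade" not in h:
        return 400, "Upgrade header is missing"
    if "websocket" not in _tokens(h["upgrade"]):
        return 400, "Upgrade header does not contain websocket"
    if "upgrade" not in _tokens(h.get("connection", "")):
        return 400, "Connection header does not contain Upgrade"
    try:
        # The key must be a base64-encoded 16-byte nonce.
        key = base64.b64decode(h.get("sec-websocket-key", ""), validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        key = b""
    if len(key) != 16:
        return 400, "Sec-WebSocket-Key is not a base64-encoded 16-byte value"
    if "sec-websocket-version" not in h:
        return 400, "Sec-WebSocket-Version header is missing"
    if h["sec-websocket-version"] != "13":
        return 426, "unsupported Sec-WebSocket-Version"
    return 101, "handshake accepted"


# Constructed sample requests (not taken from the traffic in the report).
PLAIN_GET = {"Host": "example.test"}
VALID = {
    "Host": "example.test",
    "Upgrade": "websocket",
    "Connection": "keep-alive, Upgrade",
    "Sec-WebSocket-Key": "dGhlIHNhbXBsZSBub25jZQ==",
    "Sec-WebSocket-Version": "13",
}

if __name__ == "__main__":
    for name, hdrs in (("plain GET", PLAIN_GET), ("valid", VALID)):
        print(name, check_opening_handshake("GET", (1, 1), hdrs))
```

Each rejection carries a reason string, so a caller can log it at whatever level it chooses alongside the status it returns.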


[Bug 65370] "not Websocket" loglevel too low or wrong response code

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65370

--- Comment #1 from Niels <ba...@gmail.com> ---
Maybe the 400 is a bad idea, as it is usually a server configuration error.
