You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/05/07 22:35:42 UTC

DO NOT REPLY [Bug 44952] New: FIN packets change port with mod_proxy

https://issues.apache.org/bugzilla/show_bug.cgi?id=44952

           Summary: FIN packets change port with mod_proxy
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: scmoseman@gmail.com
                CC: scmoseman@gmail.com


The problem is that when I'm going through the mod_proxy instance, the FIN
packets to close the TCP session get sent from a *different* source port than
the rest of the TCP transaction.  Thus both hosts gets confused, packets are
dropped and I cannot complete a transaction (e.g. submit FORM data).

# cat /etc/redhat-release ; uname -ip
CentOS release 5 (Final)
i686 i386

# httpd -v
Server version: Apache/2.2.3
Server built:   Jan 15 2008 20:33:30

Here's my test mod_proxy config...

<VirtualHost *>
   ServerName scmoseman
   ProxyRequests Off
   <Proxy *>
       Order deny,allow
       Allow from all
   </Proxy>
   ProxyPass / http://remotehost:8000/path/
   ProxyPassReverse / http://remotehost:8000/path/
   <Location />
       Order allow,deny
       Allow from all
   </Location>
   RewriteEngine On
   RewriteCond %{REQUEST_URI} ^/path/(.*)
   RewriteRule ^/path/(.*) /$1 [R]
</VirtualHost>

An example of the problem:  When I attempt to login to the website, the entire
transaction is done through the source port 3965.  When it comes time for the
FIN ACK to close the connection, it's going out on source port 4476. 
remotehost asks for a RST, but since its on a different port its rejected.  And
I'm unable to login to the website.  (Just viewing the website in read-only
mode works fine.)

When I attempt the same thing directly using a local web browser and going to
the remotehost URL direct, the entire TCP connection uses a single source port
(including the FIN ACK session).

It does not matter if I use "remotehost" or "remotehost.domain.com" when
referencing the website.  The problem exists either way.

Thanks,
Scott


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 44952] FIN packets change port with mod_proxy

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44952


Ruediger Pluem <rp...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO




--- Comment #1 from Ruediger Pluem <rp...@apache.org>  2008-05-07 13:50:03 PST ---
Please attach a network sniff (tcpdump) over a whole request cycle that shows
this problem.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 44952] FIN packets change port with mod_proxy

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44952


Scott Moseman <sc...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|                            |INVALID




--- Comment #2 from Scott Moseman <sc...@gmail.com>  2008-05-08 13:44:45 PST ---
I'm closing the bug report.  Pointing the proxy at a different FORM based auth
website worked fine.  So there's something odd with my destination server that
I need to resolve.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org