You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/05/04 15:07:00 UTC
[Bug 65286] New: Websockets connections fail with Apache as forward
proxy
https://bz.apache.org/bugzilla/show_bug.cgi?id=65286
Bug ID: 65286
Summary: Websockets connections fail with Apache as forward
proxy
Product: Apache httpd-2
Version: 2.4.46
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy
Assignee: bugs@httpd.apache.org
Reporter: bjoernv@arcor.de
Target Milestone: ---
When Apache is configured as a forward proxy, Websocket connections fail.
The Websocket echo test https://www.websocket.org/echo.html already fails with
"Connect". The error message is
ERROR: undefined
DISCONNECTED
Other connections work as expected.
This is a minimal proxy configuration which shows the issue:
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Require ip 192.168.1.0/255.255.255.0 127.0.0.0/255.0.0.0 ::1
</Proxy>
</IfModule>
This is the list of activated Apache modules:
APACHE_MODULES="actions alias asis auth_basic auth_digest authn_file authz_core
authz_host authz_groupfile authz_user autoindex cgi dir env expires include
log_config mime negotiation rewrite setenvif status ssl userdir proxy
proxy_connect proxy_ftp proxy_http proxy_http2 proxy_wstunnel cache cache_disk
authn_core dbd authn_dbd reqtimeout authn_socache socache_shmcb socache_dbm
wsgi proxy-html proxy_html headers xml2enc dav dav_fs http2 proxy_fcgi"
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65286] Websockets connections fail with Apache as forward proxy
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65286
--- Comment #2 from Yann Ylavic <yl...@gmail.com> ---
> This is a minimal proxy configuration which shows the issue:
>
> <IfModule mod_proxy.c>
> ProxyRequests On
> <Proxy *>
> Require ip 192.168.1.0/255.255.255.0 127.0.0.0/255.0.0.0 ::1
> </Proxy>
> </IfModule>
It tried that with firefox and it seems that websocket.org issues a "CONNECT
echo.websocket.org:80 HTTP/1.1" request when clicking on the "connect" button
(port 80 or 443 depending on schemes ws: or wss: respectively).
So it works for me with:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
AllowCONNECT 80 443
ProxyRequests On
<Proxy *>
Require ip ...
</Proxy>
But I agree that a "GET http://echo.websocket.org:80/ HTTP/1.1" request
wouldn't work with WebSocket because the generic forward proxy worker does not
handle Upgrade for now. Not sure it's worth it though with nowadays TLS
everywhere..
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65286] Websockets connections fail with Apache as forward proxy
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65286
--- Comment #1 from Bjoern Voigt <bj...@arcor.de> ---
The Websocket echo test still fails with Apache HTTPD 2.4.18.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65286] Websockets connections fail with Apache as forward proxy
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65286
Bjoern Voigt <bj...@arcor.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #4 from Bjoern Voigt <bj...@arcor.de> ---
After cleaning my proxy settings in Firefox ("SOCKS Host" was set to
"localhost" which never caused problems) also my daily Firefox profile works
now. I found this Firefox hint here: https://askubuntu.com/a/890539
Sorry, I think, HTTPD is okay and this bug can be closed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65286] Websockets connections fail with Apache as forward proxy
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65286
Yann Ylavic <yl...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65286] Websockets connections fail with Apache as forward proxy
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65286
Bjoern Voigt <bj...@arcor.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #3 from Bjoern Voigt <bj...@arcor.de> ---
Yann Ylavic wrote:
> But I agree that a "GET http://echo.websocket.org:80/ HTTP/1.1" request
> wouldn't work with WebSocket because the generic forward proxy worker
> does not handle Upgrade for now. Not sure it's worth it though with
> nowadays TLS everywhere..
After testing your HTTPD configuration and additional testing with different
browsers and with my original HTTPD configuration, I found that my daily
Firefox profile seems to cause the problem. Disabling all add-ons does not
help. But Firefox with a new profile (and proxy settings of cause) works.
http://www.websocket.org/echo.html (without SSL) seems to be broken. How do you
tested this?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org