You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/05/04 15:07:00 UTC

[Bug 65286] New: Websockets connections fail with Apache as forward proxy

https://bz.apache.org/bugzilla/show_bug.cgi?id=65286

            Bug ID: 65286
           Summary: Websockets connections fail with Apache as forward
                    proxy
           Product: Apache httpd-2
           Version: 2.4.46
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
          Assignee: bugs@httpd.apache.org
          Reporter: bjoernv@arcor.de
  Target Milestone: ---

When Apache is configured as a forward proxy, Websocket connections fail.

The Websocket echo test https://www.websocket.org/echo.html already fails with
"Connect". The error message is

ERROR: undefined

DISCONNECTED

Other connections work as expected.

This is a minimal proxy configuration which shows the issue:

<IfModule mod_proxy.c>
  ProxyRequests On
  <Proxy *>
    Require ip 192.168.1.0/255.255.255.0 127.0.0.0/255.0.0.0 ::1
  </Proxy>
</IfModule>

This is the list of activated Apache modules:

APACHE_MODULES="actions alias asis auth_basic auth_digest authn_file authz_core
authz_host authz_groupfile authz_user autoindex cgi dir env expires include
log_config mime negotiation rewrite setenvif status ssl userdir proxy
proxy_connect proxy_ftp proxy_http proxy_http2 proxy_wstunnel cache cache_disk
authn_core dbd authn_dbd reqtimeout authn_socache socache_shmcb socache_dbm
wsgi proxy-html proxy_html headers xml2enc dav dav_fs http2 proxy_fcgi"

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 65286] Websockets connections fail with Apache as forward proxy

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65286

--- Comment #2 from Yann Ylavic <yl...@gmail.com> ---
> This is a minimal proxy configuration which shows the issue:
> 
> <IfModule mod_proxy.c>
>   ProxyRequests On
>   <Proxy *>
>     Require ip 192.168.1.0/255.255.255.0 127.0.0.0/255.0.0.0 ::1
>   </Proxy>
> </IfModule>

It tried that with firefox and it seems that websocket.org issues a "CONNECT
echo.websocket.org:80 HTTP/1.1" request when clicking on the "connect" button
(port 80 or 443 depending on schemes ws: or wss: respectively).

So it works for me with:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
AllowCONNECT 80 443
ProxyRequests On
<Proxy *>
   Require ip ...
</Proxy>

But I agree that a "GET http://echo.websocket.org:80/ HTTP/1.1" request
wouldn't work with WebSocket because the generic forward proxy worker does not
handle Upgrade for now. Not sure it's worth it though with nowadays TLS
everywhere..

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 65286] Websockets connections fail with Apache as forward proxy

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65286

--- Comment #1 from Bjoern Voigt <bj...@arcor.de> ---
The Websocket echo test still fails with Apache HTTPD 2.4.18.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 65286] Websockets connections fail with Apache as forward proxy

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65286

Bjoern Voigt <bj...@arcor.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #4 from Bjoern Voigt <bj...@arcor.de> ---
After cleaning my proxy settings in Firefox ("SOCKS Host" was set to
"localhost" which never caused problems) also my daily Firefox profile works
now. I found this Firefox hint here: https://askubuntu.com/a/890539

Sorry, I think, HTTPD is okay and this bug can be closed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 65286] Websockets connections fail with Apache as forward proxy

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65286

Yann Ylavic <yl...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 65286] Websockets connections fail with Apache as forward proxy

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65286

Bjoern Voigt <bj...@arcor.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from Bjoern Voigt <bj...@arcor.de> ---
Yann Ylavic wrote:
> But I agree that a "GET http://echo.websocket.org:80/ HTTP/1.1" request
> wouldn't work with WebSocket because the generic forward proxy worker
> does not handle Upgrade for now. Not sure it's worth it though with
> nowadays TLS everywhere..
After testing your HTTPD configuration and additional testing with different
browsers and with my original HTTPD configuration, I found that my daily
Firefox profile seems to cause the problem. Disabling all add-ons does not
help. But Firefox with a new profile (and proxy settings of cause) works.

http://www.websocket.org/echo.html (without SSL) seems to be broken. How do you
tested this?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org