On 16.06.2011 08:35, Moshe Ben-Shoham wrote: > But this is not the case - the request was perfectly OK, just took the backend server too long to handle (note that I am less worried about bogus requests because this Apache is behind firewall and only serves requests coming from another component in the system, which is under our control). > > I would like to focus on my original question: Why did Apache return 200 to the client in case of proxy timeout? It could be because of CVE-2010-2068, which was fixed in 2.2.16. Please try again with 2.2.latest. You should also fix your configuration before restesting. Read the most recent online docs about workers in mod_proxy carefully. I expect that your ProxySet seetings are not functional the way you configured them. Regards, Rainer > From: Jeroen Geilman [mailto:jeroen@xxxxxxxxx] > Sent: Wednesday, June 15, 2011 10:19 PM > To: users@xxxxxxxxxxxxxxxx > Subject: Re: Apache returns 200 to client in case of proxy timeout > > On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote: > Hi, > > Thanks for the comment about the ProxyMatch syntax. I will look into it, although it works. > > Regarding the proxy hit, I know for sure that the request should be proxied because is usually does. It matches the following rewrite rule (again, URL was changed): > > RewriteRule ^/x/y(.*) http://localhost:9003$1 [P] > > In addition, every time the timeout occurs, I see the following message in the Apache error log, exactly 300 seconds after the request arrives: > > [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: error reading status line from remote server localhost > > > It means what it says. > > Your rule allows bogus constructions like http://localhost:9003002001/foobar/. > > ALWAYS include slashes at ambiguous locations! > > > > > Thanks, > Moshe Ben Shoham > Perfecto Mobile > > From: Jeroen Geilman [mailto:jeroen@xxxxxxxxx] > Sent: Wednesday, June 15, 2011 10:18 AM > To: users@xxxxxxxxxxxxxxxx<mailto:users@xxxxxxxxxxxxxxxx> > Subject: Re: Apache returns 200 to client in case of proxy timeout > > On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote: > Hi, > > We're using Apache 2.2.15, with mod_proxy_http for proxying requests to backend processes. > > Here's the relevant configuration we use: > > <ProxyMatch http://localhost:9001> > > That is not valid syntax for ProxyMatch, which requires a regular expression. > Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch for details. > > > ProxySet smax=5 max=20 ttl=120 keepalive=On > </ProxyMatch> > > Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we see Apache returning 200 to the client (just changed the URL): > > 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" 200 - 300515625 > > > No way to know that the proxy is being hit. > > > > > > Is that the expected behavior? I would expect an error code, maybe 504. > > Thanks, > Moshe Ben Shoham > Perfecto Mobile --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|