Re: Problem with mod_proxy and chunked content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It's apache 2.2 on RedHat. It's the same Apache that acts as a Proxy.
I've found some issues regarding headers with mod_proxy and chunking and I think it might be a bug in mod_proxy, but to check that I need to intercept the requests generated by the backend, which I can't do ATM.

Dieter

On 17 Nov 2014, at 10:58, Stefan Magnus Landrø <stefan.landro@xxxxxxxxx<mailto:stefan.landro@xxxxxxxxx>> wrote:

I'd try to make the backend generate a valid http response instead. What kind of web-server is it?

Stefan

2014-11-17 10:50 GMT+01:00 Blomme Dieter <Dieter.Blomme@xxxxxxxxxxxx<mailto:Dieter.Blomme@xxxxxxxxxxxx>>:
We have fixed this problem temporarily. What I've noticed is that the header isn't there and inserting it (e.g. with burp or fiddler), fixes the problem. I've then tried to insert the header in the vhost that acts as a proxy, but the header didn't appear. I think that mod_proxy strips that header as the last part of the request.

We've now fixed the problem by making sure our load balancer enforces http 1.0 for the requests that were problematic. Later on we'll take another look at this problem when we have more time.

Thans Stefan for the hint! ;)

kind regards,

On 13 Nov 2014, at 19:08, Blomme Dieter <Dieter.Blomme@xxxxxxxxxxxx<mailto:Dieter.Blomme@xxxxxxxxxxxx>> wrote:

> Yes, but I thought that if that header is missing, it should still check if the data is chunked, is that incorrect?
>
>> On 13 Nov 2014, at 18:52, Stefan Magnus Landrø <stefan.landro@xxxxxxxxx<mailto:stefan.landro@xxxxxxxxx>> wrote:
>>
>> The transfer encoding header is missing, right?
>>
>> Sendt fra min iPhone
>>
>>> Den 13. nov. 2014 kl. 18.13 skrev Blomme Dieter <Dieter.Blomme@xxxxxxxxxxxx<mailto:Dieter.Blomme@xxxxxxxxxxxx>>:
>>>
>>> Hi,
>>>
>>> We have a problem with mod_proxy and chunked content.
>>> We use mod_proxy to selectively request pages from a second site, the ProxyPass and ProxyPassReverse statements are in the vhost file. Nearly all requests are OK, Except for one type of request which can't be handled properly. We use SAML SSO and upon logging out, the response from a simplesaml service provider is not correct. It is chunked, but is not parseable. The problem is the chunk part within the SAML Response. This is also visible in the response (see below). I have googled this and searched Apache's bugzilla, but there is no solution I've tried that works.
>>> Not forcing http1.0, sendcl, ...
>>>
>>> Can anybody please help with this issue?
>>>
>>> Thanks very much in advance!
>>>
>>>
>>> HTTP/1.1 200 OK
>>> Date: Thu, 13 Nov 2014 16:23:02 GMT
>>> Server: Apache/2.2.15 (Red Hat)
>>> X-Powered-By: PHP/5.3.3
>>> X-Robots-Tag: noindex,noarchive
>>> Content-Type: text/html; charset=UTF-8
>>> X-Robots-Tag: noindex,noarchive
>>> Keep-Alive: timeout=5, max=100
>>> Connection: Keep-Alive
>>> Vary: Accept-Encoding
>>> Content-Length: 7460
>>>
>>> 132
>>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>>>      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
>>> <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
>>> <head>
>>>  <meta http-equiv="content-type" content="text/html; charset=utf-8" /><script type="text/javascript">
>>> 36d
>>> window.NREUM||(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var o=e[n]={exports:{}};t[n][0].call(o.exports,function(e){var o=t[n][1][e];return r(o?o:e)},o,o.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o++)r(n[o]);return r}({QJf3ax:[function(t,e){function n(t){function e(e,n,a){t&&t(e,n,a),a||(a={});for(var c=u(e),f=c.length,s=i(a,o,r),p=0;f>p;p++)c[p].apply(s,n);return s}function a(t,e){f[t]=u(t).concat(e)}function u(t){return f[t]||[]}function c(){return n(e)}var f={};return{on:a,emit:e,create:c,listeners:u,_events:f}}function r(){return{}}var o="nr@context",i=t("gos");e.exports=n()},{gos:"7eSDFh"}],ee:[function(t,e){e.exports=t("QJf3ax")},{}],gos:[function(t,e){e.exports=t("7eSDFh")},{}],"7eSDFh":[function(t,e){function n(t,e,n){if(r.call(t,e))return t[e];var o=n();if(Object.definePr
>>> 5a8
>>> operty&&Object.keys)try{return Object.defineProperty(t,e,{value:o,writable:!0,enumerable:!1}),o}catch(i){}return t[e]=o,o}var r=Object.prototype.hasOwnProperty;e.exports=n},{}],D5DuLP:[function(t,e){function n(t,e,n){return r.listeners(t).length?r.emit(t,e,n):(o[t]||(o[t]=[]),void o[t].push(e))}var r=t("ee").create(),o={};e.exports=n,n.ee<http://n.ee/>=r,r.q=o},{ee:"QJf3ax"}],handle:[function(t,e){e.exports=t("D5DuLP")},{}],XL7HBI:[function(t,e){function n(t){var e=typeof t;return!t||"object"!==e&&"function"!==e?-1:t===window?0:i(t,o,function(){return r++})}var r=1,o="nr@id",i=t("gos");e.exports=n},{gos:"7eSDFh"}],id:[function(t,e){e.exports=t("XL7HBI")},{}],loader:[function(t,e){e.exports=t("G9z0Bl")},{}],G9z0Bl:[function(t,e){function n(){var t=l.info<http://l.info/>=NREUM.info;if(t&&t.agent&&t.licenseKey&&t.applicationID&&c&&c.body){l.proto="https"===p.split(":")[0]||t.sslForHttp?"https://":"http://",a("mark",["onload",i()]);var e=c.createElement("script");e.src=l.proto+t.agent,c.body.appendChild(e)}}function r(){"complete"===c.readyState&&o()}function o(){a("mark",["domContent",i()])}function i(){return(new Date).getTime()}var a=t("handle"),u=window,c=u.document,f="addEventListener",s="attachEvent",p=(""+location).split("?")[0],l=e.exports={offset:i(),origin:p,features:{}};c[f]?(c[f]("DOMContentLoaded",o,!1),u[f]("load",n,!1)):(c[s]("onreadystatechange",r),u[s]("onload",n)),a("mark",["firstbyte",i()])},{handle:"D5DuLP"}]},{},["G9z0Bl"]);</script>
>>>  <t
>>> 27c
>>> itle>POST data</title>
>>> </head>
>>> <body onload="document.getElementsByTagName('input')[0].click();">
>>>
>>>  <noscript>
>>>      <p><strong>Note:</strong> Since your browser does not support JavaScript, you must press the button below once to proceed.</p>
>>>  </noscript>
>>>
>>>  <form method="post" action="https://qa.aether.gent.be/saml/idp/profile/post/slr";>
>>>  <!-- Need to add this element and call click method, because calling submit()
>>>  on the form causes failed submission if the form has another element with name or id of submit.
>>>  See: https://developer.mozilla.org/en/DOM/form.submit#Specification -->
>>>  <input type="submit" style="display:none;" />
>>>
>>> 8d4
>>> <input type="hidden" name="SAMLResponse" value="
>>> <<<First part of samlresponse>>>>
>>> 75e
>>> <<<Second part of samlresponse>>>>
>>> " />
>>>      <noscript>
>>>          <input type="submit" value="Submit" />
>>>      </noscript>
>>>  </form>
>>>
>>> <<<<removed content>>>>>
>>> 0
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx<mailto:users-help@xxxxxxxxxxxxxxxx>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx<mailto:users-help@xxxxxxxxxxxxxxxx>
>>
>
>  B�KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB� � [��X��ܚX�K  K[XZ[ � \�\��][��X��ܚX�P      �\ X� K�ܙ�B��܈ Y  ] [ۘ[  ��[X[� �  K[XZ[ � \�\��Z [        �\ X� K�ܙ�B




--
BEKK Open
http://open.bekk.no<http://open.bekk.no/>

TesTcl - a unit test framework for iRules
http://testcl.com<http://testcl.com/>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux