Re: Potential HTTP/2 Bug within Apache 2.4.18

Russel,

if you have apxs installed, it's probably easiest to check out and make the github alpha
release from https://github.com/icing/mod_h2/releases/tag/v1.2.8 where I just released the
fix. There are other bug fixes in there, that should be good to have as well.

If you want to stay on the pure 2.4.18, you can apply this patch:

Attachment: proxy-authority.patch
Description: Binary data


Let me know if this works for you.

-Stefan

> On 14.03.2016 at 11:35, Russel Van Tuyl <russel.vantuyl@xxxxxxxxx> wrote:
> 
> I've never applied or tested a patch before, but I'm willing to give it a shot.
> 
> On Mon, Mar 14, 2016 at 5:35 AM, Stefan Eissing <stefan.eissing@xxxxxxxxxxxxx> wrote:
> 
> > On 13.03.2016 at 04:18, Russel Van Tuyl <russel.vantuyl@xxxxxxxxx> wrote:
> >
> > I'm running an Apache 2.4.18 web server (Server-A) compiled from source as a reverse proxy. I'm using ProxyPass on Server-A to pass traffic to a proxy, nghttpx, listening on 127.0.0.1:3000. This nghttpx proxy sends traffic to a second server, Server-B, across the network. Connections from a web browser on Client-C work fine connecting to Server-A that connects to nghttpx proxy on 127.0.0.1:3000 that connects to Server-B. These connections only work when Server-B is using Apache 2.4.17. When Server-B is using Apache 2.4.18 the connection errors out and will not complete. The exact error message is down below this narrative. I'm not sure why it is requesting http://(null)/ . At this point, the only thing that has changed is Server-B's version of Apache. Neither Server-A's nor nghttpx's configuration changed, just the version of Apache on Server-B. I've built both Apache 2.4.17 and 2.4.18 from source on Server-B using the same configurations. The debug output from mod_http2 for both a failed and successful connection can be found here: http://pastebin.com/XnUL8aeh . Is this a bug in Apache 2.4.18 or is there something else I can try and do to narrow the problem down?
> >
> >
> > [Sat Mar 12 20:54:53.087621 2016] [http2:debug] [pid 21439:tid 140096657385216] h2_stream.c(321): [client 192.168.56.120:34283] h2_stream(73-1): RST=2 (internal err) GET http://(null)/
> 
> What I see from the 2.4.18 log is that the incoming request has no ':authority' header and is rejected. Reading RFC 7540 carefully, this is a bug. The nghttpx, acting as an h1->h2 proxy, MUST not send an :authority header. nghttpx does everything right and mod_http2 has it wrong.
> 
> Are you able to apply/test a patch?
> 
> -Stefan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
> 
> 
> -- 
> Respectfully,
> Russel Van Tuyl
> 
> “If you don’t go after what you want, you’ll never have it. If you don’t ask, the answer is always no. If you don’t step forward, you’re always in the same place.” -- Nora Roberts, author
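
The rule discussed in this thread, as an added example that is not part of the original messages, the attached patch, or mod_http2's code: RFC 7540 section 8.1.2.3 has a proxy omit `:authority` when translating an HTTP/1.1 request, so a server has to fall back to the `host` header before rejecting. The `struct header` model, the `resolve_authority` name and the sample host name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed header model for this example; not mod_http2's structures. */
struct header { const char *name; const char *value; };

enum auth_source { AUTH_MISSING, AUTH_FROM_PSEUDO, AUTH_FROM_HOST };

/* Pick the request authority: ":authority" if sent, else "host".
 * HTTP/2 header names arrive lowercase, so strcmp() is enough. */
enum auth_source resolve_authority(const struct header *h, size_t n,
                                   const char **out)
{
    const char *pseudo = NULL, *host = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(h[i].name, ":authority") == 0)
            pseudo = h[i].value;
        else if (strcmp(h[i].name, "host") == 0)
            host = h[i].value;
    }
    *out = NULL;
    if (pseudo && *pseudo) { *out = pseudo; return AUTH_FROM_PSEUDO; }
    if (host && *host)     { *out = host;   return AUTH_FROM_HOST; }
    return AUTH_MISSING;   /* nothing names the target: reject */
}

int main(void)
{
    /* Constructed sample: a request translated from HTTP/1.1 by a proxy,
     * carrying "host" but no ":authority". */
    const struct header proxied[] = {
        {":method", "GET"}, {":scheme", "http"}, {":path", "/"},
        {"host", "server-b.example"},
    };
    const char *authority;
    if (resolve_authority(proxied, 4, &authority) == AUTH_MISSING) {
        puts("reject: no :authority and no host");
        return 1;
    }
    printf("GET http://%s/\n", authority);
    return 0;
}
```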
