Re: Handling 413 Errors with ProxyPass

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Nick, replies inline...

On Mon, 1 May 2017 at 18:14 Nick Kew <niq@xxxxxxxxxx> wrote:
On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote:
> Hi list,
>     I'm seeing an unexpected behaviour when a 413 Request Entity Too
> Large error occurs on a site proxied with Apache 2.4.25. There is an
> ErrorDocument configured for this error but it does not show up as
> (from the error page itself):
>     "Additionally, a 413 Request Entity Too Large error was
> encountered while trying to use an ErrorDocument to handle the
> request."

I'm not clear on the division of responsibilities between
your proxy and backend here.  Is this Apache as proxy generating
a recursive error?  Is it the proxy or the backend that's rejecting
the request (and thus generating a 413) in the first place?
Is the 413 being generated due to a Content-Length header, or
actual request data, or something else?  Is there an
Expect ... 100 Continue negotaition anywhere there?

Ah yes, not sure why I left out this crucial bit of information.

Apache is acting as a proxy with mod_security being used to limit the maximum request sizes. The backend processes user uploads, and once in a while, someone tries to upload something larger than normal. Instead of rejecting the file on the different backends, we've decided to put the rejection on the proxy using mod_security:

    SecRequestBodyLimit 10240000
    SecRequestBodyNoFilesLimit 102400
    SecRequestBodyLimitAction Reject

So Apache is the one generating the 413, but we have a specific error document on the backend that's shown to the user when the 413 error occurs:

    (This is still a configuration line from the Apache proxy)
    ErrorDocument 413 /ErrFileTooLarge

I assume mod_security does the size limit enforcement by both inspecting the Content-Length header and the actual data.
 

>     I do see the error page being requested on the proxied site by
> Apache, but Apache does not show it.

What do you mean by an error page being requested?

>     Is this expected or unexpected behavior?

No.  That "Additionally ..." is fallback if normal processing fails.

Can't be sure, but I suspect you've found a bug (the alternative
is a configuration error).  If you can come up with a test case
to reproduce the behaviour, an entry in Bugzilla would be in order.

I would have expected Apache to still deliver the configured ErrorDocument for a 413 error that mod_security/apache generates, but not sure if it is a configuration problem or it has specifically been designed to behave that way. Thought I'd confirm with the list first before opening an issue.
 

--
Nick Kew



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux