Re: Handling 413 Errors with ProxyPass

On 1 May 2017 at 19:17, Liwei <xieliwei@xxxxxxxxx> wrote:
>
> Hi Nick, replies inline...
>
> On Mon, 1 May 2017 at 18:14 Nick Kew <niq@xxxxxxxxxx> wrote:
>>
>> On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote:
>> > Hi list,
>> >     I'm seeing an unexpected behaviour when a 413 Request Entity Too
>> > Large error occurs on a site proxied with Apache 2.4.25. There is an
>> > ErrorDocument configured for this error but it does not show up as
>> > (from the error page itself):
>> >     "Additionally, a 413 Request Entity Too Large error was
>> > encountered while trying to use an ErrorDocument to handle the
>> > request."
>>
>> I'm not clear on the division of responsibilities between
>> your proxy and backend here.  Is this Apache as proxy generating
>> a recursive error?  Is it the proxy or the backend that's rejecting
>> the request (and thus generating a 413) in the first place?
>> Is the 413 being generated due to a Content-Length header, or
>> actual request data, or something else?  Is there an
>> Expect ... 100 Continue negotiation anywhere there?
>
>
> Ah yes, not sure why I left out this crucial bit of information.
>
> Apache is acting as a proxy with mod_security being used to limit the maximum request sizes. The backend processes user uploads, and once in a while, someone tries to upload something larger than normal. Instead of rejecting the file on the different backends, we've decided to put the rejection on the proxy using mod_security:
>
>     SecRequestBodyLimit 10240000
>     SecRequestBodyNoFilesLimit 102400
>     SecRequestBodyLimitAction Reject
>
> So Apache is the one generating the 413, but we have a specific error document on the backend that's shown to the user when the 413 error occurs:
>
>     (This is still a configuration line from the Apache proxy)
>     ErrorDocument 413 /ErrFileTooLarge
>
> I assume mod_security does the size limit enforcement by both inspecting the Content-Length header and the actual data.
>
>>
>>
>> >     I do see the error page being requested on the proxied site by
>> > Apache, but Apache does not show it.
>>
>> What do you mean by an error page being requested?
>>
>> >     Is this expected or unexpected behavior?
>>
>> No.  That "Additionally ..." is fallback if normal processing fails.
>>
>> Can't be sure, but I suspect you've found a bug (the alternative
>> is a configuration error).  If you can come up with a test case
>> to reproduce the behaviour, an entry in Bugzilla would be in order.
>
>
> I would have expected Apache to still deliver the configured ErrorDocument for a 413 error that mod_security/apache generates, but not sure if it is a configuration problem or it has specifically been designed to behave that way. Thought I'd confirm with the list first before opening an issue.
>
>>
>>
>> --
>> Nick Kew
>>

Hi Nick,
    Apologies, it appears that I missed out answering the following question:
        "What do you mean by an error page being requested?"

    On the backend, I do see Apache requesting for the
/ErrFileTooLarge error document. The backend also delivers the page
successfully, so I'm puzzled as to why Apache does not show the
configured error page and instead shows the default error page with
the "Additionally..." error.

    Just to be clear:
        1. The backend did not reject Apache's request for the
/ErrFileTooLarge page with a 413 error.
        2. The /ErrFileTooLarge page is only a couple of hundred bytes
large, so unlikely to have tripped any of the size limits we have
configured.

Warm regards,
Liwei
