RE: [users@httpd] proxy and chunk mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sorry, is not very clear:

I use in Front Apache-2.0.52 with proxy and reverse proxy to the back-end server:

Client--->Apache-proxy<-->Apache-reverse<-->backend server

The back-end server receives the request http without the content-length value. (This one is unset)

Do we have any mark character to finish body http message in chunk mode ?

David.


-----Message d'origine-----
De : William A. Rowe, Jr. [mailto:wrowe@xxxxxxxxxxxxx] 
Envoyé : lundi 10 octobre 2005 17:36
À : users@xxxxxxxxxxxxxxxx
Objet : Re: [users@httpd] proxy and chunk mode

david micheneau wrote:
> I've a trouble with the chunk mode connection pass through a proxy.
> 
> It seems that the content-length is not forwarded when you use chunk 
> mode via a proxy mode: CHANGE-LOG in :

Uhmmm... most of the time it was never there...

> *) SECURITY: CAN-2005-2088 (cve.mitre.org)
>      proxy: Correctly handle the Transfer-Encoding and Content-Length
>      headers.  *Discard the request Content-Length whenever T-E: chunked*
>      is used, always passing one of either C-L or T-E: chunked whenever 
>      the request includes a request body.  Resolves an entire class of
>      proxy HTTP Request Splitting/Spoofing attacks.  [William Rowe]
> 
> But now, how we treat a http request, if we don't know the content 
> length via proxy mode ?

Transfer-Encoding: chunked.

All HTTP/1.1 servers and clients are required to support that method.
And HTTP/1.1 servers and clients are required to ignore any
Content-Length: header if Transfer-Encoding: chunked is present.

> May be a noob question but: Why Apache doesn't calculate the 
> content-length himself before to send via the proxy handler ?

It will, for HTTP/1.0 servers.

Care to provide details of a specific problem you are observing?

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux