mod_proxy and Content-Length

2002-10-10 Thread rreiner 

[The cc recipients of this message are those httpd-dev posters who've 
been involved in the recent C-L discussion(s)]

Problems with 2.0.42 and mod_proxy with Content-Length:

  - 2.0.39 stripped C-L from all HTTP/1.0 responses.
  - 2.0.40 retained C-L on HTTP/1.0 responses for GETs, but stripped it 
for HEAD.
  - 2.0.42 strips C-L from all HTTP/1.0 responses.

Do people think that the 2.0.42 behaviour (stripping C-L from all 
HTTP/1.0 responses) is correct?  The messages referenced below would 
suggest not, but .42 has reverted to .39's behaviour.

It's NOT obvious that the present behaviour complies with RFC2616, of 
which section 13.5.2  states (in part): The Content-Length field of a 
request or response is added or deleted
according to the rules in section 4.4, although section 4.4 is plenty 
vague about what the rules applicable to a proxy are.

Before I consider committing some of our internal resources to start 
work on a fix for this (the problem has some urgency for us in a 
specific application, as .42's behaviour is breaking things for a 
specific automated user agent we use), I wanted to confirm the group's 
thinking about this...

Thanks,

Richard

References:
  http://marc.theaimsgroup.com/?l=apache-httpd-devm=103024480807478w=2
  http://marc.theaimsgroup.com/?l=apache-httpd-devm=102991563528702w=2
  And this long thread: 
http://marc.theaimsgroup.com/?l=apache-httpd-devm=102769842621987w=2


--
. Richard Reiner, Ph.D.
. FSC Internet Corp.
. 229 Yonge Street, Toronto, Ontario, Canada  M5B 1N9
. Tel: +1 416 921 4280, Fax: +1 416 966 2451
. [EMAIL PROTECTED], http://www.fscinternet.com

Re: [PATCH] WWW-Authenticate header lost when reverse-proxying

2002-09-20 Thread rreiner 

[EMAIL PROTECTED] wrote:

 ***
 *** 969,974 
 --- 980,986 
*/
   int status = r-status;
   r-status = HTTP_OK;
 +   ap_discard_request_body(rp);
   return status;
   }
   } else

How does this part fit into the bugfix? (Doesn't seem related to the 
bug
to me, but then I haven't looked at it that closely, just wondering)

If we don't discard the request body that accompanied the 401 response, 
it is still there on the socket when auth succeeds... and is therefore 
prepended, in it's raw chunked glory, when the actual content page from 
the origin server is served to the client.

WWW-Authenticate header lost when reverse-proxying

2002-09-19 Thread rreiner 

(Correction to previous posting: This error *only* occurs with 
`ProxyErrorOverride On'.)


When operating as a reverse proxy, with `ProxyErrorOverride On', 
mod_proxy incorrectly fails to pass through the WWW-Authenticate 
response header on 401 responses.

It seems the problem is that ap_send_error_response() clears 
r-headers_out, while ap_proxy_http_process_response() does not copy 
the WWW-Authenticate header into r-err_headers_out.

A patch which fixes this follows.  Note that this has NOT received 
extensive testing.

*** modules/proxy/proxy_http.c.orig Thu Sep 19 14:47:51 2002
--- modules/proxy/proxy_http.c  Thu Sep 19 17:38:36 2002
***
*** 863,868 
--- 863,879 
  }
  }
  
+   if ((r-status == 401)  (conf-error_override != 0)) {
+   const char *buf;
+   const char *wa = WWW-Authenticate;
+   if (buf = apr_table_get(r-headers_out, wa)) {
+   apr_table_set(r-err_headers_out, wa, buf);
+   } else {
+   ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r-server,
+proxy: origin server sent 401 without w-a 
header);
+   }
+   }
+ 
  r-sent_bodyct = 1;
  /* Is it an HTTP/0.9 response? If so, send the extra data */
  if (backasswards) {
***
*** 969,974 
--- 980,986 
   */
  int status = r-status;
  r-status = HTTP_OK;
+   ap_discard_request_body(rp);
  return status;
  }
  } else

[PATCH] WWW-Authenticate header lost when reverse-proxying

2002-09-19 Thread rreiner 

Apologies for the resend; I omitted to mark this as a [PATCH].

When operating as a reverse proxy, with `ProxyErrorOverride On', 
mod_proxy incorrectly fails to pass through the WWW-Authenticate 
response header on 401 responses.

It seems the problem is that ap_send_error_response() clears 
r-headers_out, while ap_proxy_http_process_response() does not copy 
the WWW-Authenticate header into r-err_headers_out.

A patch which fixes this follows.  Note that this has NOT received 
extensive testing.

*** modules/proxy/proxy_http.c.orig Thu Sep 19 14:47:51 2002
--- modules/proxy/proxy_http.c  Thu Sep 19 17:38:36 2002
***
*** 863,868 
--- 863,879 
  }
  }
  
+   if ((r-status == 401)  (conf-error_override != 0)) {
+   const char *buf;
+   const char *wa = WWW-Authenticate;
+   if (buf = apr_table_get(r-headers_out, wa)) {
+   apr_table_set(r-err_headers_out, wa, buf);
+   } else {
+   ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r-server,
+proxy: origin server sent 401 without w-a 
header);
+   }
+   }
+ 
  r-sent_bodyct = 1;
  /* Is it an HTTP/0.9 response? If so, send the extra data */
  if (backasswards) {
***
*** 969,974 
--- 980,986 
   */
  int status = r-status;
  r-status = HTTP_OK;
+   ap_discard_request_body(rp);
  return status;
  }
  } else

WWW-Authenticate header lost when reverse-proxying chunked response

2002-09-18 Thread rreiner 

The WWW-Authenticate header is being dropped from responses sent by 
mod_proxy in reverse proxy mode, when the original server's response 
was chunked.

The problem appears to be in ap_http_header_filter() in 
modules/http/http_protocol.c, where we have:

if (r-status == HTTP_NOT_MODIFIED) {
apr_table_do((int (*)(void *, const char *, const char *)) 
form_header_field,
 (void *) h, r-headers_out,
 Connection,
 Keep-Alive,
 ETag,
 Content-Location,
 Expires,
 Cache-Control,
 Vary,
 Warning,
 WWW-Authenticate,
 Proxy-Authenticate,
 NULL);
}
else {
apr_table_do((int (*) (void *, const char *, const char *)) 
form_header_field,
 (void *) h, r-headers_out, NULL);
}

I would think that in the else case at least the WWW-Authenticate 
header should be handled.  Are there other headers that should also be 
handled here?