Hi Group
I'm fairly confident I've found a bug in mod_proxy in Apache 2.2.9 but
would like your opinion before I log anything to the bug tracker. It's
something I discovered while working in mod_python, but I've managed
to get it occurring with a bare-bones Apache 2.2.9 setup using only
mod_proxy and mod_headers:
This is my vhost configuration:
ProxyRequests Off
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
<VirtualHost *:80>
ServerName munchkin.synthesis.co.za
Header add Set-Cookie "MOD_PROXY_FOOD=FOO;" early
Header add Set-Cookie "MOD_PROXY_KEEP=BAR;"
<Location /sonik/>
ProxyPass http://192.168.16.225:8118/sonik/
</Location>
ErrorLog /home/tom/dev/apache/deploy/logs/error.log
LogLevel notice
CustomLog /home/tom/dev/apache/deploy/logs/access.log combined
</VirtualHost>
The config above is forwarding requests to /sonik/ to another host
after setting two cookies, one early and one late. I am no Apache
guru, but as I understand it the early cookie is set before handlers
are processed (i.e. before modproxy kicks in) and the late will be
appended to the response after modproxy has done it's processing and
produced a complete response. Also (as far as I understand) modproxy
should try to preserve any headers already set before processing by
merging the headers before and after processing (especially any
Set-Cookie headers).
So in general this works as expected, with both cookies being returned
to the caller for regular GET and POST requests. However the problem
I've noticed is where the request contains an "Expect:100-Continue",
that the early cookie is discarded by modproxy. After some further
investigation the root problem appears that modproxy doesn't handle
the "HTTP/1.1 100 Continue\r\n\r\n" within the response from the
back-end host nicely when performing the merging of headers. I
discovered this by writing back both of these responses from the
back-end host:
"HTTP/1.1 200 OK
Content-Length: 1
"
And
"HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Content-Length: 1
"
The first response produces a final response to the client which
contains both Set-Cookie headers, and the second response produces a
final response to the client which contains only the late Set-Cookie
header.
Maybe this is normal modproxy behaviour, I can't be certain, but
reading through some of mod_proxy_http.c seems to show that this is
the intention. However I was able to test this on another Apache
instance running 2.2.4 and modproxy retains both cookies in both
cases. So either this is a bug in 2.2.9 or it's a bug that was fixed
since 2.2.4.
Your thoughts?
Thanks,
Tom
--
http://www.tomwells.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
