On 18.06.2011 21:57, Rainer Jung wrote: > On 16.06.2011 08:35, Moshe Ben-Shoham wrote: >> But this is not the case - the request was perfectly OK, just took the >> backend server too long to handle (note that I am less worried about bogus >> requests because this Apache is behind firewall and only serves requests >> coming from another component in the system, which is under our control). >> >> I would like to focus on my original question: Why did Apache return 200 to >> the client in case of proxy timeout? > > It could be because of CVE-2010-2068, which was fixed in 2.2.16. Please > try again with 2.2.latest.
Forgot to ask: what's your platform? Windows? > You should also fix your configuration before restesting. Read the most > recent online docs about workers in mod_proxy carefully. > > I expect that your ProxySet seetings are not functional the way you > configured them. > > Regards, > > Rainer > >> From: Jeroen Geilman [mailto:jer...@adaptr.nl] >> Sent: Wednesday, June 15, 2011 10:19 PM >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy >> timeout >> >> On 06/15/2011 09:32 AM, Moshe Ben-Shoham wrote: >> Hi, >> >> Thanks for the comment about the ProxyMatch syntax. I will look into it, >> although it works. >> >> Regarding the proxy hit, I know for sure that the request should be proxied >> because is usually does. It matches the following rewrite rule (again, URL >> was changed): >> >> RewriteRule ^/x/y(.*) http://localhost:9003$1 [P] >> >> In addition, every time the timeout occurs, I see the following message in >> the Apache error log, exactly 300 seconds after the request arrives: >> >> [Sat Jun 11 09:00:54 2011] [error] [client 192.168.131.11] (OS 10060)A >> connection attempt failed because the connected party did not properly >> respond after a period of time, or established connection failed because >> connected host has failed to respond. : proxy: error reading status line >> from remote server localhost >> >> >> It means what it says. >> >> Your rule allows bogus constructions like >> http://localhost:9003002001/foobar/. >> >> ALWAYS include slashes at ambiguous locations! >> >> >> >> >> Thanks, >> Moshe Ben Shoham >> Perfecto Mobile >> >> From: Jeroen Geilman [mailto:jer...@adaptr.nl] >> Sent: Wednesday, June 15, 2011 10:18 AM >> To: users@httpd.apache.org<mailto:users@httpd.apache.org> >> Subject: Re: [users@httpd] Apache returns 200 to client in case of proxy >> timeout >> >> On 06/15/2011 08:52 AM, Moshe Ben-Shoham wrote: >> Hi, >> >> We're using Apache 2.2.15, with mod_proxy_http for proxying requests to >> backend processes. >> >> Here's the relevant configuration we use: >> >> <ProxyMatch http://localhost:9001> >> >> That is not valid syntax for ProxyMatch, which requires a regular expression. >> Please see http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxymatch >> for details. >> >> >> ProxySet smax=5 max=20 ttl=120 keepalive=On >> </ProxyMatch> >> >> Hence, the value of "timeout" is 300 seconds. When the timeout occurs, we >> see Apache returning 200 to the client (just changed the URL): >> >> 1181: 192.168.131.11 - - [11/Jun/2011:10:58:53 +0100] "POST /x/y/z HTTP/1.1" >> 200 - 300515625 >> >> >> No way to know that the proxy is being hit. >> >> >> >> >> >> Is that the expected behavior? I would expect an error code, maybe 504. >> >> Thanks, >> Moshe Ben Shoham >> Perfecto Mobile --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
