  1. JBoss Core Services
  2. JBCS-129

httpd/mod_proxy prepends error page for HEAD request to a next response for next GET request


Details

    • Bug
    • Resolution: Done
    • Major
    • httpd 2.4.37 SP1 ER1
    • httpd 2.4.6 GA
    • httpd
    • None
    • 8
    • +

      Steps to reproduce:

      0. Put two pages on the backend server:

      /example/index.html
      <html>
      <h1>/example/index.html</h1>
      </html>
      
      /example/index.html (for custom error page)
       (probably webapps/examples/error404.jsp)
      <html>
      <h1>404 Not Found! - 404_not_found.html</h1>
      </html>
      

      1. Configure mod_proxy with the following config:

          ProxyPass / http://127.0.0.1:8080/
          ProxyErrorOverride On
          ErrorDocument 404 /error/404_not_found.html
      

      2. Send a HEAD request to a non-existent page to get a 404

          curl -I -v http://localhost/nonexistentpage
      

      3. Send a normal GET request to an existing page

          curl -v http://localhost/example/index.html
      

      4. You will see the error page content at the top of the response

      Notes:

      • Although "ProxyErrorOverride On" is specified, "/error/404_not_found.html" specified in "ErrorDocument" is not located on the local machine (inside Apache httpd) but on the backend server.
      • Make sure that you configure ProxyPass to cover the path for the error page, because this issue occurs only when the error page is proxied to the backend server. You can use "ProxyPass / ..." or "ProxyPassMatch ^/.*$ ..." to reproduce easily.
      • The issue happens when the same Apache child process handles the two requests (HEAD for the 404 response and GET for the 200 response). You may need to send multiple requests to hit the same child process.

      Actual results:

      The error page content "<html><h1>404 Not Found! - 404_not_found.html</h1></html>" is shown at the top of the response.

      For example:

      $ curl -v http://localhost/example/index.html
      > GET /example/index.html HTTP/1.1
      > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
      > Host: localhost
      > Accept: */*
      > 
      < HTTP/1.1 200 OK
      < Date: Fri, 19 Aug 2016 13:17:53 GMT
      < Connection: close
      < Transfer-Encoding: chunked
      < Content-Type: text/html; charset=UTF-8
      < 
      <html><h1>404 Not Found! - 404_not_found.html</h1>
      </html>
      HTTP/1.1 200 OK
      Server: Apache-Coyote/1.1
      Accept-Ranges: bytes
      ETag: W/"45-1471612521000"
      Last-Modified: Fri, 19 Aug 2016 13:15:21 GMT
      Content-Type: text/html
      Content-Length: 45
      Date: Fri, 19 Aug 2016 13:17:53 GMT
      
      <html>
      <h1>/example/index.html</h1>
      </html>
      

      Expected results:

      Get only the actual response of /example/index.html, without the error page content for the last HEAD request.


    Description

      When Apache httpd/mod_proxy is configured with "ProxyErrorOverride On" and the ErrorDocument is located on the backend server, httpd/mod_proxy prepends the error page body for a HEAD request to the response for the next GET request.

      Additional info:
      Same report for Apache httpd 2.2.15 included in RHEL 6: https://bugzilla.redhat.com/show_bug.cgi?id=1368470
      Same report for Apache httpd 2.4.6 included in RHEL 7: https://bugzilla.redhat.com/show_bug.cgi?id=1368471
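
A check for the symptom shown in the "Actual results" capture, as an added example that is not part of the original report or of httpd: it scans a decoded response body for a second HTTP response head and separates the leaked prefix from the backend's real response. The function name and the sample body (constructed from the capture above, with CRLF line endings assumed for the embedded head) are assumptions.

```python
import re

# A status line at the start of a line, one or more header lines, then a blank line.
EMBEDDED_HEAD = re.compile(
    rb"(?:^|\n)(HTTP/1\.[01] (\d{3})[^\r\n]*)\r?\n"
    rb"((?:[!#$%&'*+.^_`|~0-9A-Za-z-]+:[^\r\n]*\r?\n)+)"
    rb"\r?\n"
)

def find_embedded_response(body: bytes):
    """Return details of an HTTP response head found inside a decoded body, or None."""
    m = EMBEDDED_HEAD.search(body)
    if m is None:
        return None
    headers = {}
    for line in m.group(3).splitlines():
        name, _, value = line.partition(b":")
        headers[name.decode("ascii").lower()] = value.strip().decode("latin-1")
    return {
        "leaked_prefix": body[:m.start()],   # bytes that belong to an earlier response
        "status": int(m.group(2)),           # status of the backend's real response
        "headers": headers,
        "inner_body": body[m.end():],        # what the client should have received
    }

# Constructed sample: the de-chunked body from the "Actual results" capture.
SAMPLE_BODY = (
    b"<html><h1>404 Not Found! - 404_not_found.html</h1>\n</html>\n"
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache-Coyote/1.1\r\n"
    b"Accept-Ranges: bytes\r\n"
    b'ETag: W/"45-1471612521000"\r\n'
    b"Last-Modified: Fri, 19 Aug 2016 13:15:21 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 45\r\n"
    b"Date: Fri, 19 Aug 2016 13:17:53 GMT\r\n"
    b"\r\n"
    b"<html>\n<h1>/example/index.html</h1>\n</html>\n"
)

if __name__ == "__main__":
    hit = find_embedded_response(SAMPLE_BODY)
    print("contaminated" if hit else "clean", hit and hit["leaked_prefix"])
```

Pages that legitimately quote raw HTTP exchanges also match, so this fits best as a regression check against endpoints whose expected bodies are known.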

      Attachments

        1. jbcs129_DoS.pl
          2 kB
        2. jbcs129_reproducer.pl
          1 kB
        3. jbcs129_reproducer.pl
          1 kB
        4. reproducer_logs_conf.zip
          3 kB

            People

              dsartzet@redhat.com Dimitris Sartzetakis (Inactive)
              rhn-support-mmiura Masafumi Miura
              Jan Onderka Jan Onderka