Bug 40416

Summary: mod_proxy_ftp cannot connect under http load in forward proxy
Product: Apache httpd-2 Reporter: Jon Snow <jsnow27>
Component: mod_proxyAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED LATER    
Severity: major Keywords: MassUpdate
Priority: P2    
Version: 2.2.2   
Target Milestone: ---   
Hardware: Sun   
OS: Solaris   

Description Jon Snow 2006-09-05 14:41:39 UTC
Using 2.2.3 on SUN/solaris and PC/suse-linux in a forward proxy configuration.
Without other http connections the ftp functionality is fine. With other http
connections the ftp starts to fail increasingly under http request load until it
no longer functions. This is easily reproduced using one http connection/sec
through the forward proxy. Although proxy_util.c(2141) says the connection is
complete there are no connection attempts from the proxy to the destination
server. This was checked with snoop/tcpdump. In the example below note the
hostname as www.gatesec.net for the ftp.suse.org address (195.135.221.132).

Successful connections show this:
Sep  5 23:34:48 hereford fproxy1: [Tue Sep 05 23:34:48 2006] [debug]
mod_proxy_ftp.c(894): proxy: FTP: connecting ftp://ftp.suse.com/ to ftp.suse.com:21
Sep  5 23:34:48 hereford fproxy1: [Tue Sep 05 23:34:48 2006] [debug]
proxy_util.c(2141): proxy: FTP: connection complete to 195.135.221.132:21 ((null))

Unsuccessful connections show this when using one connection/sec to
http://www.gatesec.net:
Sep  5 23:45:19 hereford fproxy1: [Tue Sep 05 23:45:19 2006] [debug]
mod_proxy_ftp.c(894): proxy: FTP: connecting ftp://ftp.suse.com/ to ftp.suse.com:21
Sep  5 23:45:19 hereford fproxy1: [Tue Sep 05 23:45:19 2006] [debug]
proxy_util.c(2141): proxy: FTP: connection complete to 195.135.221.132:21
(www.gatesec.net)
Sep  5 23:45:19 hereford fproxy1: [Tue Sep 05 23:45:19 2006] [debug]
mod_proxy_ftp.c(981): proxy: FTP: control connection complete
Sep  5 23:45:21 hereford fproxy1: [Tue Sep 05 23:45:21 2006] [debug]
mod_proxy_ftp.c(626): proxy:<FTP: 4294967295 <unable to read result>
Sep  5 23:45:21 hereford fproxy1: [Tue Sep 05 23:45:21 2006] [debug]
proxy_util.c(1816): proxy: FTP: has released connection for (*)
Sep  5 23:45:21 hereford fproxy1: [Tue Sep 05 23:45:21 2006] [error] [client
127.0.0.1] proxy: Error reading from remote server returned by ftp://ftp.suse.com/
Sep  5 23:45:21 hereford fproxy1: 127.0.0.1 - - [05/Sep/2006:23:45:19 +1000]
"GET ftp://ftp.suse.com/ HTTP/1.1" 502 67 "-" "Mozilla/5.0 (X11; U; Linux i686;
en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"

/opt/chroot/fproxy-2.2.3/bin/httpd -l
Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_include.c
  mod_filter.c
  mod_log_config.c
  mod_logio.c
  mod_env.c
  mod_headers.c
  mod_proxy.c
  mod_proxy_connect.c
  mod_proxy_ftp.c
  mod_proxy_http.c
  mod_proxy_ajp.c
  mod_proxy_balancer.c
  worker.c
  http_core.c
  mod_status.c
  mod_cgid.c
  mod_dir.c

/opt/chroot/fproxy-2.2.3/bin/httpd -V
Server version: Apache/2.2.3
Server built:   Sep  5 2006 22:33:20
Server's Module Magic Number: 20051115:3
Server loaded:  APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture:   32-bit
Server MPM:     Worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/fproxy-2.2.3"
 -D SUEXEC_BIN="/fproxy-2.2.3/bin/suexec"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
Comment 1 Mark Pauley 2007-08-06 16:02:42 UTC
I see this with 2.2.4 on Mac OS X 10.4.10 (ppc) compiled with 

 ./configure --enable-mods=all --enable-mods-shared=all --enable-ssl -enable-deflate --enable-
headers --enable-proxy --enable-dav --prefix=/usr/local/apache2.2

I can reproduce this fairly easily with a threaded ftp get via an ftp proxy.
Comment 2 Jeff Wu 2008-03-05 16:47:35 UTC
maybe it's the same as #44543
something wrong in the worker re-using stuff.
	

Comment 3 William A. Rowe Jr. 2018-11-07 21:08:34 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.