Bug 62293

Summary: [Windows] [2.4.29 -> 2.4.33] Can't connect backend http server without ssl from reverse proxy server with ssl enabled.
Product: Apache httpd-2
Reporter: Hikaru <y512yuki>
Component: mod_proxy_http
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: normal
CC: y512yuki
Priority: P2
Version: 2.4.33
Target Milestone: ---
Hardware: PC
OS: Linux

Description Hikaru 2018-04-12 14:52:43 UTC
	Can't connect to the backend source HTTP server without SSL from the reverse proxy server with SSL enabled.

When it occurs:
	Always (Connect reverse proxy from client)

Error messages (Client side):
	Gateway Timeout
	The gateway did not receive a timely response from the upstream server or application.

Error logs (Server side):
	[Thu Apr 12 22:57:01.642278 2018] [proxy:error] [pid 2748:tid 1180] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  : [client] AH01084: pass request body failed to (sv05.example.com)
	[Thu Apr 12 22:57:01.642278 2018] [proxy_http:error] [pid 2748:tid 1180] [client] AH01097: pass request body failed to (sv05.example.com) from ()

Solution in my environments:
	Revert the changes in "mod_proxy_http.c", function "proxy_http_handler", to version 2.4.29.
	Then it runs perfectly.

	@@ -1948,8 +1948,8 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
	         /* Step Three: Create conn_rec */
	         if (!backend->connection) {
	-            if ((status = ap_proxy_connection_create_ex(proxy_function,
	-                                                        backend, r)) != OK)
	+            if ((status = ap_proxy_connection_create(proxy_function, backend,
	+                                                     c, r->server)) != OK)
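Review bot: The restored call on the `+` lines passes `c`, which is not declared anywhere in the visible context, so this revert only builds if `proxy_http_handler` in 2.4.33 still has a connection variable of that name in scope; confirm that before applying. The call also replaces the request `r` with `c, r->server`, so whatever the `_ex` variant takes from the request is no longer passed to connection creation. A comment at this call marking it as a local workaround, with the bug number, would keep it from being carried forward silently.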

My environments:
	Windows 7 x86 on Hyper-V
	Windows Server 2016 x64 on Hyper-V

Configurations (Reverse proxy):
	# If I change "SSLEngine" to "off" and access the reverse proxy server via non-SSL HTTP, it connects successfully.
	# But this is not a solution. I lost access from TLS clients.

	<VirtualHost *:443>
		ServerAdmin network@example.com
		DocumentRoot "/Test/"

		ServerName ssl.example.com

		ProxyRequests Off
		ProxyPreserveHost On
		ProxyPass / http://sv05.example.com/
		ProxyPassReverse / http://sv05.example.com/

		SSLEngine on
		SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
		SSLHonorCipherOrder off

		SSLCertificateFile conf/SSL/Site.cer
		SSLCertificateKeyFile conf/SSL/Site.key
		SSLCACertificateFile conf/SSL/CA.cer
	</VirtualHost>

Comment 1 Ruediger Pluem 2018-04-12 19:11:42 UTC
Does http://svn.apache.org/viewvc?view=revision&revision=1828735 also fix your issue?

Comment 2 ssr 2018-08-17 16:11:37 UTC
I am also getting the same error.

Bad Gateway
The proxy server received an invalid response from an upstream server.

I am using Apache 2.4.33 and seeing the same error.

[Fri Aug 17 15:59:53.628596 2018] [proxy:error] [pid 8120:tid 140701937407744] (70014)End of file found: [client] AH01084: pass request body failed to (
[Fri Aug 17 15:59:53.628612 2018] [proxy_http:error] [pid 8120:tid 140701937407744] [client] AH01097: pass request body failed to ( from ()

When I tried to do a TCPDUMP, I see the request does not have a PUSH packet to the backend TOMCAT when the request is done on HTTPS:443 from Apache to TOMCAT.

We need to fix this as I am stuck with this issue.

Comment 3 William A. Rowe Jr. 2018-08-17 16:22:23 UTC
Please retest with 2.4.34 current release and report back?

Comment 4 ssr 2018-08-20 08:27:38 UTC
Yes, Apache 2.4.34 is working perfectly fine. Thanks much William.