Bug 64919

Summary: mod_proxy_fcgi fails to parse headers with a string length over 8192
Product: Apache httpd-2 Reporter: Brandon Locke <blocke>
Component: mod_proxy_fcgiAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: major CC: blocke, corlando, pauloehler01
Priority: P2    
Version: 2.4.46   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Attachments: A PHP script with a long header.

Description Brandon Locke 2020-11-11 22:33:33 UTC
Created attachment 37560 [details]
A PHP script with a long header.

We've recently run into an issue on a live site running the magento shopping cart software. With Magento there are cases where the headers have string lengths longer than 8192 characters. These long headers are causing mod_proxy_fcgi to fail parsing the headers. 

Steps to Reproduce:

1.) Configure mod_proxy_fcgi to send php request to a local php-fpm service
2.) Create a php page with a header string longer than 8192 (example is attached).
3.) Load the page.

Expected Outcome:

Page renders "this is a test, only a test"

Actual Outcome:

Page fails to load with ERR_INVALID_RESPONSE and the following error in error_log:

[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] [client 31.125.74.55:39714] Premature end of script headers: bh.php
[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] [client 31.125.74.55:39714] AH01070: Error parsing script headers
[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] (22)Invalid argument: [client 31.125.74.55:39714] AH01075: Error dispatching request to :

We've found a work-around that involves changing the compile time limit (increasing HUGE_STRING_LEN in httpd.h), but we don't assume that is the recommended way to solve this issue.