Bug 54474 - mod_proxy_connect keeps open connection to client
Summary: mod_proxy_connect keeps open connection to client
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy_connect (show other bugs)
Version: 2.4.3
Hardware: PC Linux
: P2 regression (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2013-01-23 14:01 UTC by Pavel Mateja
Modified: 2013-03-03 16:48 UTC (History)
0 users



Attachments
Disable Keep-alive for CONNECT (323 bytes, patch)
2013-02-04 12:50 UTC, Pavel Mateja
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Mateja 2013-01-23 14:01:08 UTC
RFC 2817 section 5.3 Establishing a Tunnel with CONNECT says:
"If at any point either one of the peers gets disconnected, any
outstanding data that came from that peer will be passed to the other
one, and after that also the other connection will be terminated by
the proxy."
Which is not what apache 2.4 does.

After upgrade from apache 2.2.23 to 2.4.3 I've encountered problem loading page without Content-Length from HTTPS backend thru proxy.
Backend server sends webpage and closes connection just fine. Proxy keeps connection to client open and eventually closes it after few seconds with message "AH01382: Request header read timeout".

Strange thing is that all requests were fine in 2.2.23 and requests with defined Content-Length are fine in 2.4.3 too.

I was able to make naive workaround which is probably completelly wrong:

--- httpd-2.4.3/modules/proxy/mod_proxy_connect.c  2012-07-28 16:40:23.000000000 +0200
+++ httpd-2.4.3-fixed/modules/proxy/mod_proxy_connect.c   2013-01-23 14:38:10.000000000 +0100
@@ -481,6 +481,8 @@
      * Close the socket and clean up
      */
 
+    apr_socket_close(client_socket);
+
     if (client_error)
         apr_socket_close(sock);
     else
Comment 1 Pavel Mateja 2013-01-23 14:03:36 UTC
Oh, to make it more weird:
The problem was seen with wget. LWP was able to fetch the page without waiting to timeout.
Comment 2 Eric Covener 2013-01-23 15:39:57 UTC
(In reply to comment #1)
> Oh, to make it more weird:
> The problem was seen with wget. LWP was able to fetch the page without
> waiting to timeout.

maybe one sends asks for connection-close or http/1.0 and not the other?
Comment 3 Pavel Mateja 2013-01-28 12:36:17 UTC
debug (In reply to comment #2)
> (In reply to comment #1)
> > Oh, to make it more weird:
> > The problem was seen with wget. LWP was able to fetch the page without
> > waiting to timeout.
> 
> maybe one sends asks for connection-close or http/1.0 and not the other?

Checked. LWP sends just GET, not CONNECT.

But it doesn't matter really. Apache 2.2 was able to close the client connection when backend closed it's side.
Do you know where exactly is the code supposed to do it?

And I realized this are two bugs in one report.
1) open connection.
2) CONNECT is guarded by RequestReadTimeout from mod_reqtimeout instead of general Timeout.
Comment 4 Pavel Mateja 2013-02-04 12:50:00 UTC
Created attachment 29917 [details]
Disable Keep-alive for CONNECT

RFC2817
5.3 Establishing a Tunnel with CONNECT
...
If at any point either one of the peers gets disconnected, any
outstanding data that came from that peer will be passed to the other
one, and after that also the other connection will be terminated by
the proxy. If there is outstanding data to that peer undelivered,
that data will be discarded.

This means we can't keep connection alive after CONNECT method.
Comment 5 Stefan Fritsch 2013-02-04 20:05:27 UTC
mod_proxy_connect has significant changes compared to 2.2, to make it work through https. So it's not really surprising that it behaves differently than in 2.2. 

Thanks for the debugging.
committed to trunk: r1442320
proposed for 2.4
Comment 6 Stefan Fritsch 2013-03-03 16:48:13 UTC
fixed in 2.4.4