Bug 59032 - mod_proxy_http replaces non compliant status-line
Summary: mod_proxy_http replaces non compliant status-line
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy_http (show other bugs)
Version: 2.4.17
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2016-02-19 11:06 UTC by Alexandre Schaff
Modified: 2019-08-02 09:32 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Alexandre Schaff 2016-02-19 11:06:36 UTC

I am using httpd as reverse_proxy with mod_proxy_http :

I stumbled upon a backend server answering http response with bogus HTTP 1.1 status-line : 'HTTP/1.1"

RFC says (https://tools.ietf.org/html/rfc7230#section-3.1.2) :
     status-line = HTTP-version SP status-code SP reason-phrase CRLF

From code review : when a response with status line that does not match HTTP/1.x RFC is received, mod_proxy_http assumes the backend is HTTP 0.9.

Result is that mod_proxy sends back the status line ( without ending CRLF) and rest of the original response from the backend ( including headers ) inside the body of a valid response with status line 200.

From dumpio output :
mod_dumpio.c(103): [remote] mod_dumpio:  dumpio_in (data-HEAP): HTTP/1.1\r\n
mod_dumpio.c(103): [remote] mod_dumpio:  dumpio_in (data-HEAP): HTTP/1.1
mod_dumpio.c(103): [client] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 200 OK\r\nDate:(...)

I know Apache is proud to be RFC compliant since the start.

My queston is : do such response from backends shall still be considered HTTP 0.9 responses ? or faulty (500 status maybe ) ? or something else ?

Can it be considered a bug ? Is their space for enhancement ?

Compliancy with HTTP 0.9 is no more mandatory : https://tools.ietf.org/html/rfc7230#appendix-A.2
" The expectation to support HTTP/0.9 requests has been removed.
   (Appendix A)"

Comment 1 Michael Osipov 2019-08-02 09:32:01 UTC
I believe that Apache sholuld return BAD_GATEWAY in this case...