62197 – A HTTP 200 is returned for proxy requests with truncated headers

Bug 62197 - A HTTP 200 is returned for proxy requests with truncated headers

Summary: A HTTP 200 is returned for proxy requests with truncated headers

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_proxy_http (show other bugs)
Version:	2.5-HEAD
Hardware:	PC Mac OS X 10.1

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-03-20 16:02 UTC by Hank Ibell
Modified:	2018-03-26 15:38 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hank Ibell 2018-03-20 16:02:07 UTC

Headers in a proxy response that are greater than 8K are truncated, but still returns a 200.

As header data is being lost, I would expect a HTTP 500 response instead of a 200.

In the example below, a 200 is being returned even though ~1000 bytes are being lost from X-Test-Header-1.

Sample config:
<VirtualHost *:80>
  ProxyPass "/test" "http://localhost:8080"
  ProxyPassReverse "/test" "http://localhost:8080"
</VirtualHost>

<VirtualHost *:8080>
  Header set X-Test-Header-1 "AAAAAAAAAAAAAAA..." # large header > 8KB
</VirtualHost>

Request/response:
$ curl -sD - http://localhost/test -o /dev/null
HTTP/1.1 200 OK
Date: Tue, 20 Mar 2018 15:46:37 GMT
Server: Apache/2.5.1-dev (Unix)
Last-Modified: Sun, 06 Nov 2016 05:34:43 GMT
ETag: "2d-5409b43abe2c0"
Accept-Ranges: bytes
Content-Length: 45
X-Test-Header-1: AAAA... [truncated]
Content-Type: text/html

Original header size:
$ curl -sD - http://localhost:8080 -o /dev/null | grep X-Test-Header-1 | wc -c
    9020

Proxied header size:
$ curl -sD - http://localhost/test -o /dev/null | grep X-Test-Header-1 | wc -c
    8019