Bug 62197 - A HTTP 200 is returned for proxy requests with truncated headers
Summary: A HTTP 200 is returned for proxy requests with truncated headers
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy_http (show other bugs)
Version: 2.5-HEAD
Hardware: PC Mac OS X 10.1
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2018-03-20 16:02 UTC by Hank Ibell
Modified: 2018-03-26 15:38 UTC (History)
1 user (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Hank Ibell 2018-03-20 16:02:07 UTC
Headers in a proxy response that are greater than 8K are truncated, but still returns a 200.

As header data is being lost, I would expect a HTTP 500 response instead of a 200.

In the example below, a 200 is being returned even though ~1000 bytes are being lost from X-Test-Header-1.

Sample config:
<VirtualHost *:80>
  ProxyPass "/test" "http://localhost:8080"
  ProxyPassReverse "/test" "http://localhost:8080"

<VirtualHost *:8080>
  Header set X-Test-Header-1 "AAAAAAAAAAAAAAA..." # large header > 8KB

$ curl -sD - http://localhost/test -o /dev/null
HTTP/1.1 200 OK
Date: Tue, 20 Mar 2018 15:46:37 GMT
Server: Apache/2.5.1-dev (Unix)
Last-Modified: Sun, 06 Nov 2016 05:34:43 GMT
ETag: "2d-5409b43abe2c0"
Accept-Ranges: bytes
Content-Length: 45
X-Test-Header-1: AAAA... [truncated]
Content-Type: text/html

Original header size:
$ curl -sD - http://localhost:8080 -o /dev/null | grep X-Test-Header-1 | wc -c

Proxied header size:
$ curl -sD - http://localhost/test -o /dev/null | grep X-Test-Header-1 | wc -c