63427 – Proxy error reading status line from remote server with big files and Content-Length header

Bug 63427 - Proxy error reading status line from remote server with big files and Content-Length header

Summary: Proxy error reading status line from remote server with big files and Content...

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_proxy (show other bugs)
Version:	2.4.6
Hardware:	PC All

Importance:	P2 major with 1 vote (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-05-14 10:47 UTC by Francesco
Modified:	2019-09-18 18:06 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Francesco 2019-05-14 10:47:51 UTC

I have this configuration: apache 2.4.6 on a centos 7, configured as https reverse proxy on a filesender server (http://filesender.org/), on a Redhat 5.3 server. Filesender is a software for sending big files with email links.
The error occurs clicking on the download.php link (for downloading files), and only for very big files (several GB I guess). Direct links to filesender server work.

Finally I found the problem, but don't know why it happens: I tought the problem could be in the headers sent by download.php, so I tryied to comment them one by one and I found that the one which gives error is the one which sends file dimension:

header('Content-Length: '.$functions->getFileSize($file));

Commenting out this one eliminates the error.
I don't know if it occurs only with certain type of file or in https only.

Here is verbose log:

[Tue May 14 12:09:09.995372 2019] [ssl:debug] [pid 5421] ssl_engine_kernel.c(224): [client xxx.xxx.xxx.xxx:14019] AH02034: Initial (No.1) HTTPS request received for child 32 (server yyy.yyy.yyy.yyy:443)
[Tue May 14 12:09:09.995577 2019] [authz_core:debug] [pid 5421] mod_authz_core.c(835): [client xxx.xxx.xxx.xxx:14019] AH01628: authorization result: granted (no directives)
[Tue May 14 12:09:09.995915 2019] [proxy:debug] [pid 5421] mod_proxy.c(1117): [client xxx.xxx.xxx.xxx:14019] AH01143: Running scheme http handler (attempt 0)
[Tue May 14 12:09:09.995947 2019] [proxy_ajp:debug] [pid 5421] mod_proxy_ajp.c(713): [client xxx.xxx.xxx.xxx:14019] AH00894: declining URL http://yyy.yyy.yyy.yyy/filesender/download1.php?vid=zzz
[Tue May 14 12:09:09.995980 2019] [proxy_fcgi:debug] [pid 5421] mod_proxy_fcgi.c(963): [client xxx.xxx.xxx.xxx:14019] AH01076: url: http://yyy.yyy.yyy.yyy/filesender/download1.php?vid=zzz proxyname: (null) proxyport: 0
[Tue May 14 12:09:09.995990 2019] [proxy_fcgi:debug] [pid 5421] mod_proxy_fcgi.c(966): [client xxx.xxx.xxx.xxx:14019] AH01077: declining URL http://yyy.yyy.yyy.yyy/filesender/download1.php?vid=zzz
[Tue May 14 12:09:09.996020 2019] [proxy:debug] [pid 5421] proxy_util.c(2256): [client xxx.xxx.xxx.xxx:14019] AH00944: connecting http://yyy.yyy.yyy.yyy/filesender/download1.php?vid=zzz to yyy.yyy.yyy.yyy:80
[Tue May 14 12:09:09.996453 2019] [proxy:debug] [pid 5421] proxy_util.c(2422): [client xxx.xxx.xxx.xxx:14019] AH00947: connected /filesender/download1.php?vid=zzz to yyy.yyy.yyy.yyy:80
[Tue May 14 12:09:10.708571 2019] [proxy_http:error] [pid 5421] (104)Connection reset by peer: [client xxx.xxx.xxx.xxx:14019] AH01102: error reading status line from remote server yyy.yyy.yyy.yyy:80
[Tue May 14 12:09:10.708731 2019] [proxy_http:debug] [pid 5421] mod_proxy_http.c(1363): [client xxx.xxx.xxx.xxx:14019] AH01105: NOT Closing connection to client although reading from backend server yyy.yyy.yyy.yyy:80 failed.
[Tue May 14 12:09:10.708801 2019] [proxy:error] [pid 5421] [client xxx.xxx.xxx.xxx:14019] AH00898: Error reading from remote server returned by /filesender/download1.php
[Tue May 14 12:09:15.715088 2019] [ssl:debug] [pid 5421] ssl_engine_io.c(992): [client xxx.xxx.xxx.xxx:14019] AH02001: Connection closed to child 32 with standard shutdown (server yyy.yyy.yyy.yyy:443)

Here is proxy vhost:

<VirtualHost xxx.xxx.xxx.xxx:443>

ServerName yyy.yyy.yyy.yyy:443

ErrorLog logs/filesender_ssl_error_log
TransferLog logs/filesender_ssl_access_log
LogLevel debug

ProxyPass / http://yyy.yyy.yyy.yyy/
ProxyPassReverse / http://yyy.yyy.yyy.yyy/

SSLEngine on

SSLProtocol +TLSv1.2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:!DES-CBC-SHA:!EDH-RSA-DES-CBC-SHA:!AECDH-DES-CBC3-SHA:!AECDH-AES128-SHA:!AECDH-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:!3DES:!IDEA
SSLCertificateFile /etc/pki/tls/certs/yyy.yyy.yyy.yyy.cer
SSLCertificateKeyFile /etc/pki/tls/private/yyy.yyy.yyy.yyy.key
SSLCertificateChainFile /etc/pki/tls/certs/yyy.yyy.yyy.yyy.cer

CustomLog logs/filesender_ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
		  
</VirtualHost>

These are headers sent by backend server:

Date: Tue, 14 May 2019 10:37:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.3
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Tue, 14 May 2019 10:01:03 GMT
Content-Length: 5165363650
Content-Disposition: attachment; filename="yyy.7z"
Connection: close
Content-Type: application/octet-stream

With these headers I got error, if I remove Content-Length header I can download file.