Bug 64919 - mod_proxy_fcgi fails to parse headers with a string length over 8192
Summary: mod_proxy_fcgi fails to parse headers with a string length over 8192
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy_fcgi (show other bugs)
Version: 2.4.53
Hardware: PC Linux
: P1 critical with 50 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-11 22:33 UTC by Brandon Locke
Modified: 2024-04-08 19:18 UTC (History)
6 users (show)



Attachments
A PHP script with a long header. (10.11 KB, application/x-php)
2020-11-11 22:33 UTC, Brandon Locke
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Brandon Locke 2020-11-11 22:33:33 UTC
Created attachment 37560 [details]
A PHP script with a long header.

We've recently run into an issue on a live site running the magento shopping cart software. With Magento there are cases where the headers have string lengths longer than 8192 characters. These long headers are causing mod_proxy_fcgi to fail parsing the headers. 

Steps to Reproduce:

1.) Configure mod_proxy_fcgi to send php request to a local php-fpm service
2.) Create a php page with a header string longer than 8192 (example is attached).
3.) Load the page.

Expected Outcome:

Page renders "this is a test, only a test"

Actual Outcome:

Page fails to load with ERR_INVALID_RESPONSE and the following error in error_log:

[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] [client 31.125.74.55:39714] Premature end of script headers: bh.php
[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] [client 31.125.74.55:39714] AH01070: Error parsing script headers
[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] (22)Invalid argument: [client 31.125.74.55:39714] AH01075: Error dispatching request to :

We've found a work-around that involves changing the compile time limit (increasing HUGE_STRING_LEN in httpd.h), but we don't assume that is the recommended way to solve this issue.
Comment 1 jkribeiro 2021-12-14 01:34:36 UTC
From https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

Parameter: responsefieldsize
Adjust the size of the proxy response field buffer. The buffer size should be at least the size of the largest expected header size from a proxied response. Setting the value to 0 will use the system default of 8192 bytes.
Available in Apache HTTP Server 2.4.34 and later.

I tried using the parameter like this:
<Proxy "fcgi://localhost/" responsefieldsize=16000>
</Proxy>

No success. Server version: Apache/2.4.51 ()
Comment 2 nico 2022-03-22 12:24:51 UTC
Same issur on 2.4.23 version
Comment 3 nico 2022-03-22 12:27:42 UTC
Same issue on 2.4.53 version (ubuntu)
Comment 4 nico 2022-03-22 12:31:10 UTC
(In reply to nico from comment #2)
> Same issur on 2.4.23 version

Error on this comment. I mean 2.4.53 version
Comment 5 azurit 2022-03-22 17:19:52 UTC
Still a problem on 2.4.53.
Comment 6 Christophe JAILLET 2022-04-30 11:13:34 UTC
I've a got a WIP that uses ap_varbuf instead of a fixed size 8192 bytes long buffer when parsing fcgi script output.

I'll try to finish and test it.
Comment 7 Hans Dampf 2022-07-07 13:35:07 UTC
Any news for this issue to make this value modifiable in a confile?
Comment 8 Jake Bell 2023-01-11 02:16:21 UTC
Still happening in 2.4.54. Any update on when this might be fixed/changed to be configurable?
Comment 9 Ron E 2024-04-08 18:54:23 UTC
Still happening in apache 2.4.57, it would be great to have at least some sort of workaround for this that does not involve compiling from source or using a different http daemon. Any news?
Comment 10 Christophe JAILLET 2024-04-08 19:18:26 UTC
Hi,

I may have some time in the coming weeks to finish what I started long ago.