Bug 64919 - mod_proxy_fcgi fails to parse headers with a string length over 8192
Summary: mod_proxy_fcgi fails to parse headers with a string length over 8192
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy_fcgi (show other bugs)
Version: 2.4.46
Hardware: PC Linux
: P2 major with 27 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-11 22:33 UTC by Brandon Locke
Modified: 2021-01-27 23:51 UTC (History)
3 users (show)



Attachments
A PHP script with a long header. (10.11 KB, application/x-php)
2020-11-11 22:33 UTC, Brandon Locke
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Brandon Locke 2020-11-11 22:33:33 UTC
Created attachment 37560 [details]
A PHP script with a long header.

We've recently run into an issue on a live site running the magento shopping cart software. With Magento there are cases where the headers have string lengths longer than 8192 characters. These long headers are causing mod_proxy_fcgi to fail parsing the headers. 

Steps to Reproduce:

1.) Configure mod_proxy_fcgi to send php request to a local php-fpm service
2.) Create a php page with a header string longer than 8192 (example is attached).
3.) Load the page.

Expected Outcome:

Page renders "this is a test, only a test"

Actual Outcome:

Page fails to load with ERR_INVALID_RESPONSE and the following error in error_log:

[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] [client 31.125.74.55:39714] Premature end of script headers: bh.php
[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] [client 31.125.74.55:39714] AH01070: Error parsing script headers
[Mon Nov 09 20:56:23 2020] [proxy_fcgi:error] [pid 15169:tid 139991975950080] (22)Invalid argument: [client 31.125.74.55:39714] AH01075: Error dispatching request to :

We've found a work-around that involves changing the compile time limit (increasing HUGE_STRING_LEN in httpd.h), but we don't assume that is the recommended way to solve this issue.