Ubuntu
apache2 package

proxying SSL throws errors

Bug #595855 reported by Ralf Hildebrandt
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Incomplete
Medium
Unassigned

Bug Description

We're using mod_proxy to proxy from our internal to our external webserver (both apache2)

When proxying https:// traffic, we occasionally get:

[Fri Jun 18 10:14:25 2010] [warn] proxy: bad HTTP/1.1 header returned by /typo3/db_list.php (GET)
[Fri Jun 18 10:14:27 2010] [warn] proxy: bad HTTP/1.1 header returned by /typo3/alt_intro.php (GET)
[Fri Jun 18 10:14:35 2010] [warn] proxy: bad HTTP/1.1 header returned by /typo3/backend.php (GET)
[Fri Jun 18 10:39:32 2010] [warn] proxy: bad HTTP/1.1 header returned by /charite/kontaktformular/adresse/einhaeupl (GET)
[Fri Jun 18 10:41:16 2010] [warn] proxy: bad HTTP/1.1 header returned by /en/charite/contactform/adresse/jetschmann-1/ (GET)
[Fri Jun 18 10:41:16 2010] [warn] proxy: bad HTTP/1.1 header returned by /en/charite/contactform/adresse/giebe-1/ (GET)
[Fri Jun 18 10:43:31 2010] [warn] proxy: bad HTTP/1.1 header returned by /typo3temp/javascript_93077bb238.js (GET)
[Fri Jun 18 10:43:31 2010] [warn] proxy: bad HTTP/1.1 header returned by /fileadmin/charite/scripts/functions.js (GET)

by setting

ProxyBadHeader Ignore

this can be made to work, which results in:

[Fri Jun 18 11:28:12 2010] [warn] proxy: Ignoring bogus HTTP header returned by /fileadmin/user_upload/portal/allgemein/atmobilder/kontakt-stecker-01.jpg (GET)
[Fri Jun 18 11:28:12 2010] [warn] proxy: Ignoring bogus HTTP header returned by /fileadmin/charite/css/logo.jpg (GET)
[Fri Jun 18 11:28:14 2010] [warn] proxy: Ignoring bogus HTTP header returned by /fileadmin/charite/css/logo.jpg (GET)
[Fri Jun 18 11:28:15 2010] [warn] proxy: Ignoring bogus HTTP header returned by /fileadmin/user_upload/portal/allgemein/atmobilder/kontakt-stecker-01.jpg (GET)
[Fri Jun 18 11:28:19 2010] [warn] proxy: Ignoring bogus HTTP header returned by /fileadmin/user_upload/portal/allgemein/atmobilder/kontakt-stecker-01.jpg (GET)

The machine we're proxying to is:

ii apache2 2.2.9-10+lenny7 Apache HTTP Server metapackage
ii apache2-mpm-worker 2.2.9-10+lenny7 Apache HTTP Server - high speed threaded mod
ii libapache2-mod-fcgid 1:2.2-1 an alternative module compat with mod_fastcg

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libapache2-mod-proxy-html 3.0.1-1
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic-pae 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic-pae i686
Architecture: i386
Date: Fri Jun 18 11:26:56 2010
SourcePackage: mod-proxy-html

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :
Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

Sorry, sorry, sorry, since the proxy module in use is mod_proxy_connect, this bug needs to be assigned to apache2.2-bin instead!

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

since the proxy module in use is mod_proxy_connect, this bug needs to be assigned to apache2.2-bin instead!

affects: mod-proxy-html (Ubuntu) → apache2 (Ubuntu)
Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

The page we're trying to proxy for is https://www.charite.de/charite/kontakt/

This page is reachable from the internet as well (directly, though), so you can check if that page ACTUALLY generates bad headers!
Pleas enote that for us this error ONLY happens, when the request is being proxied by apache2.2

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

I found out the following:

* disabling https:// for the page mentioned above AND activating deflate: working
* enabling https:// for the page mentioned above AND activating deflate: failing
* enabling https:// for the page mentioned above AND disabling deflate: working

So it's the combination of SSL on the originating host AND deflate on the proxy.

Revision history for this message
Thierry Carrez (ttx) wrote :

Trying to confirm this is a duplicate of bug 589611
@Ralf: does mv /lib/i686 /lib/disabled_i686 also solves this precise issue for you ?

Changed in apache2 (Ubuntu):
importance: Undecided → Medium
status: New → Incomplete
Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

Yes it does!

Revision history for this message
Thierry Carrez (ttx) wrote :

Looks like it's the same root issue, so i'll mark it as duplicate. Thanks for the confirmation.

Revision history for this message
Jiří Engelthaler (engycz) wrote :

Maybe I found a solution (bug in memcpy routine) Bug #609290

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.