https://bz.apache.org/bugzilla/show_bug.cgi?id=59032
Bug ID: 59032
Summary: mod_proxy_http replaces non compliant status-line
Product: Apache httpd-2
Version: 2.4.17
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_proxy_http
Assignee: [email protected]
Reporter: [email protected]
Hello,
I am using httpd as reverse_proxy with mod_proxy_http :
I stumbled upon a backend server answering http response with bogus HTTP 1.1
status-line : 'HTTP/1.1"
RFC says (https://tools.ietf.org/html/rfc7230#section-3.1.2) :
status-line = HTTP-version SP status-code SP reason-phrase CRLF
>From code review : when a response with status line that does not match
HTTP/1.x RFC is received, mod_proxy_http assumes the backend is HTTP 0.9.
Result is that mod_proxy sends back the status line ( without ending CRLF) and
rest of the original response from the backend ( including headers ) inside the
body of a valid response with status line 200.
>From dumpio output :
mod_dumpio.c(103): [remote 127.0.0.1:9991] mod_dumpio: dumpio_in (data-HEAP):
HTTP/1.1\r\n
(...)
mod_dumpio.c(103): [remote 127.0.0.1:9991] mod_dumpio: dumpio_in (data-HEAP):
HTTP/1.1
(...)
mod_dumpio.c(103): [client 127.0.0.1:12476] mod_dumpio: dumpio_out
(data-HEAP): HTTP/1.1 200 OK\r\nDate:(...)
I know Apache is proud to be RFC compliant since the start.
My queston is : do such response from backends shall still be considered HTTP
0.9 responses ? or faulty (500 status maybe ) ? or something else ?
Can it be considered a bug ? Is their space for enhancement ?
Compliancy with HTTP 0.9 is no more mandatory :
https://tools.ietf.org/html/rfc7230#appendix-A.2
" The expectation to support HTTP/0.9 requests has been removed.
(Appendix A)"
br,
Alex.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
