https://bz.apache.org/bugzilla/show_bug.cgi?id=61464
Bug ID: 61464
Summary: mod_authnz_fcgi uses a hard-coded value of 30 sec as
the socket io timeout value
Product: Apache httpd-2
Version: 2.4.16
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
- mod_authnz_fcgi uses a hard-coded 30 sec value as the socket IO timeout value
to write to and read from a back end FCGI Authorizer application.
- While this timeout value seems sufficient, in certain cases it may not be.
- Further, instead of hard-coding this parameter, a user should have an option
to be able to configure a suitable timeout of his choice.
- If none is specified, a certain default timeout (like the request timeout of
connection timeout) needs to be used.
Steps-to-repro:
1. Sample FCGI Authorizer application which can be started with fcgistarter:
fcgistarter -c <fcgi app name> -p 5555 -i 127.0.0.1 -N 1
(Refer to the fcgistarter documentation)
2. Note that in the above app, a sleep of 32 secs (any value greater than 30
sec) needs to be induced to repro the issue.
3. Configure the mod_authnz_fcgi module in httpd.conf:
LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so
Actual results:
The httpd daemon returns an HTTP 503 Service Unavailable status code back to
the client after 30 secs. However, in the back end, the authentication was
handled (success or failure).
Expected results:
- The status code as returned from the FCGI application after authentication.
- Or, HTTP 503 service unavailable if the configured timeout elapses.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
