As some of you know, I'm working on fixing bugs in mod_proxy. As part of this effort, I've signed up with a testing service called Co-Advisor, at http://coad.measurement-factory.com/ (who is also responsible for a number of our long-standing bug reports). This gives me use of a good range of testcases, and a tool to run them and produce useful diagnostics. The purpose of the service is to detect violations of the HTTP protocol (RFC2616).
Anyone interested in this work: I've opened a tracking bug: http://issues.apache.org/bugzilla/show_bug.cgi?id=43454 My first milestone here is to work through all mod_proxy violations excluding those concerning caching. Co-advisor offers a subset comprising 369 testcases, which I've run on a clean 2.2.6 build. This is a summary of my first two test-runs. * Clean 2.2.6 build, Forward proxy, ProxyVia On, TraceEnable On 296 Success 42 Violation 31 Failure Note the terminology: a "Failure" means a test that did not complete, so it may or may not mean a bug. Going through the reported violations, I see: * Proxy fails to remove hop-by-hop response headers Verdict: bug * Proxy Fails to deal correctly with Via header. No via header is added when there are already several. Verdict: bug * Proxy leaves trailers in multipart/byteranges entities. Comment: The Request testcase is bogus. The Response testcase correctly points to an error, but it's the origin server that's at fault. Verdict: a configuration option to make mod_proxy fix it would make a useful (but non-urgent) enhancement. * Chunked request with too big chunks: proxy returns 413 Verdict: look at ProxyIOBufferSize * Chunked response with too big chunks: the response is lost completely. Verdict: serious bug!!! * Proxy fails to remove Warning response headers with wrong date Verdict: bug * Proxy must remove response headers listed in a Connection header. This fails when there are multiple Connection headers. Verdict: bug * TRACE method: returns 403 with TraceEnable Off. This bug is already fixed in code. * OPTIONS method: proxy MUST NOT add Max-Forwards header if there isn't one already. Verdict: bug. * GET method: ditto. Verdict: Need to figure out the role of Max-Forwards in methods that don't explicitly mandate it. This is a strange testcase. * Proxy violates no-transform by adding Content-Type header Verdict: bug, probably fixed by today's fix to PR 13986 * Max-forwards: integer overflow when a silly value is set. Verdict: looks like a WONTFIX * Proxy eats unrequested 1xx responses. Verdict: Technically this reads like a violation, but it seems sensible in practice. Need to clarify. FAILURES * Proxy rejects both Requests (400) and Responses (502) with excessive numbers of tokens in a Content-Type line. Verdict: Investigate * Date handling checks: unable to proceed due to Warning bug. Verdict: retest when Warning bug is fixed. * Pipelining requests: not supported Verdict: Enhancement request; LATER * OPTIONS * with Max-Forwards 0 returns 403 Verdict: This probably means the testcase is passed (proxy MUST NOT forward it). But handling OPTIONS should've returned 405 or success, not 403. * Retry tests: Proxy does not retry when backend aborts Verdict: Potential enhancement. Possibly related to PR38763. NEXT TASKS: * cross-reference the above to existing reports in Bugzilla, and update PR43454 to track fixes. * Hack up something to extract an Executive Summary from Co-Advisor reports. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
