Package: apache2
Version: 2.4.10-10+deb8u4
Severity: normal
Tags: upstream

Dear Maintainer,

When apache communicates with a FastCGI server (like php-fpm) via
mod_proxy_fastcgi and the response contains a Last-Modified header with no
Status header and this results in a 304 Not Modified response (based on the
If-Modified-Since header of the HTTP request), apache sends to the client not
only the headers, but the body of the response too. This violates rfc2616
section 10.3.5: "The 304 response MUST NOT contain a message-body, and thus is
always terminated by the first empty line after the header fields."

Apart from causing issues with some reverse proxies, this also causes apache to
 log a bogus error:

"AH01070: Error parsing script headers, referer:..."

for every request that results in a 304 response.

This bug was reported upstream in

https://bz.apache.org/bugzilla/show_bug.cgi?id=57198

and is fixed in 2.4.11, see

https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_fcgi.c?r1=1650677&r2=1650676&pathrev=1650677&view=patch

It would be useful to have this backported to the current apache2
package in jessie.

Thanks,

Giuseppe

Reply via email to