Below is a DEBUG dump from failing OPTIONS+GET+GET, e.g. header X-Forwarded-Port is not set.
accept_reserve: inflight incremented, now 1
relay_read_http: session 1: size 87, to read -2
relay_read_http: session 1: header 'OPTIONS: /options.php HTTP/1.1'
relay_read_http: session 1: header 'Host: test.jesper.office.se.domain.com'
relay_read_http: session 1: header 'Accept: */*'
relay_test: session 1: matched rule 0
relay_test:1767: next rule
relay_test: session 1, res 0
relay_test: session 1: matched rule 1
relay_test:1767: next rule
relay_test: session 1, res 0
relay_test: session 1: matched rule 2
relay_test:1767: next rule
relay_test: session 1, res 0
relay_test: session 1: matched rule 3
relay_test:1767: next rule
relay_test: session 1, res 0
relay_test:1747: next rule
relay_test: session 1, res 0
relay_test: session 1: action 1
relay_writeheader_kv: Accept: */*
relay_writeheader_kv: Host: test.jesper.office.se.domain.com
relay_writeheader_kv: Keep-Alive: 600
relay_writeheader_kv: X-Forwarded-By: 172.16.1.101:80
relay_writeheader_kv: X-Forwarded-For: 172.17.2.21
relay_writeheader_kv: X-Forwarded-Port: 80
relay_from_table: session 1: table jesper:80 host 172.16.1.30, p 0x1f1046c6927e3ff3, idx 0, cnt 0, max 1
relay_connect: inflight decremented, now 0
relay_connected: session 1: successful
relay_splice: session 1: splice dir 2, nothing to read -2
relay_splice: session 1: splice dir 1, maximum -1, successful
relay_read_http: session 1: size 182, to read -2
relay_read_http: session 1: header 'HTTP/1.1: 200 OK'
http_version HTTP/1.1 http_rescode 200 http_resmesg OK
relay_read_http: session 1: header 'Date: Mon, 27 Nov 2017 19:01:55 GMT'
relay_read_http: session 1: header 'Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips'
relay_read_http: session 1: header 'Content-Length: 2'
relay_read_http: session 1: header 'Content-Type: text/html; charset=UTF-8'
relay_test:1729: skip 1 rules
relay_test: session 1: action 1
version: HTTP/1.1 rescode: 200 resmsg: OK
relay_writeheader_kv: Content-Length: 2
relay_writeheader_kv: Content-Type: text/html; charset=UTF-8
relay_writeheader_kv: Date: Mon, 27 Nov 2017 19:01:55 GMT
relay_writeheader_kv: Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips
relay_splice: session 1: splice dir 2, dirty buffer
relay_read_httpcontent: session 1: size 2, to read 2
relay_read_httpcontent: done, size 2, to read 0
relay_read_http: session 1: size 0, to read -2
relay_splice: session 1: splice dir 2, nothing to read -2
relay_read_http: session 1: size 195, to read -2
relay_read_http: session 1: header 'HTTP/1.1: 403 Forbidden'
http_version HTTP/1.1 http_rescode 403 http_resmesg Forbidden
relay_read_http: session 1: header 'Date: Mon, 27 Nov 2017 19:01:55 GMT'
relay_read_http: session 1: header 'Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips'
relay_read_http: session 1: header 'Content-Length: 8'
relay_read_http: session 1: header 'Content-Type: text/html; charset=UTF-8'
relay_test:1729: skip 1 rules
relay_test: session 1: action 1
version: HTTP/1.1 rescode: 403 resmsg: Forbidden
relay_writeheader_kv: Content-Length: 8
relay_writeheader_kv: Content-Type: text/html; charset=UTF-8
relay_writeheader_kv: Date: Mon, 27 Nov 2017 19:01:55 GMT
relay_writeheader_kv: Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips
relay_splice: session 1: splice dir 2, dirty buffer
relay_read_httpcontent: session 1: size 8, to read 8
relay_read_httpcontent: done, size 8, to read 0
relay_read_http: session 1: size 0, to read -2
relay_splice: session 1: splice dir 2, nothing to read -2
relay_read_http: session 1: size 195, to read -2
relay_read_http: session 1: header 'HTTP/1.1: 403 Forbidden'
http_version HTTP/1.1 http_rescode 403 http_resmesg Forbidden
relay_read_http: session 1: header 'Date: Mon, 27 Nov 2017 19:01:55 GMT'
relay_read_http: session 1: header 'Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips'
relay_read_http: session 1: header 'Content-Length: 8'
relay_read_http: session 1: header 'Content-Type: text/html; charset=UTF-8'
relay_test:1729: skip 1 rules
relay_test: session 1: action 1
version: HTTP/1.1 rescode: 403 resmsg: Forbidden
relay_writeheader_kv: Content-Length: 8
relay_writeheader_kv: Content-Type: text/html; charset=UTF-8
relay_writeheader_kv: Date: Mon, 27 Nov 2017 19:01:55 GMT
relay_writeheader_kv: Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips
relay_splice: session 1: splice dir 2, dirty buffer
relay_read_httpcontent: session 1: size 8, to read 8
relay_read_httpcontent: done, size 8, to read 0
relay_read_http: session 1: size 0, to read -2
relay_splice: session 1: splice dir 2, nothing to read -2
relay web_test, session 1 (1 active), 0, 172.17.2.21 -> 172.16.1.30:80, done, OPTIONS

//mxb

> On 27 Nov 2017, at 20:20, Maxim Bourmistrov <[email protected]> wrote:
>
> Here is a setup which reproduces this problem. Also exists in 6.2.
>
> Server:
> Apache with mod_php serving the following content:
>
> ———cut options.php——————
> <?php
>
> if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) {
>     http_response_code(200);
>     echo 'OK';
> }
> else {
>     http_response_code(403);
>     echo 'Bad call';
> }
> ——————————————————————————————————
>
> Relayd:
>
> http protocol http_relay {
>     tcp { nodelay, sack, backlog 1024 }
>     match header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>     match header set "X-Forwarded-Port" value "80"
>     match header set "Keep-Alive" value "$TIMEOUT"
>     match request header remove "Proxy"
> }
>
> table <apache> { 1.2.3.4 }
> relay web_test {
>     listen on 5.6.7.8 port 80
>     protocol http_relay
>     forward to <apache> port 80 mode loadbalance check tcp
> }
>
> Client:
> Runs php from CLI
> file to run:
>
> <?php
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL, 'http://5.6.7.8/options.php');
> curl_setopt($ch, CURLOPT_HEADER, true);
> curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "OPTIONS");
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
> curl_exec($ch);
> echo PHP_EOL;
> curl_setopt($ch, CURLOPT_URL, 'http://5.6.7.8/options.php');
> curl_setopt($ch, CURLOPT_HEADER, true);
> curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
> curl_exec($ch);
> echo PHP_EOL;
> curl_setopt($ch, CURLOPT_URL, 'http://5.6.7.8');
> curl_setopt($ch, CURLOPT_HEADER, true);
> curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
> curl_exec($ch);
> echo PHP_EOL;
>
> With rev. before 1.58 of relay_http.c the following can be observed:
> relay web_test, session 1 (1 active), 0, 172.17.2.21 -> 172.16.1.30:80, done,
> OPTIONS GET GET
>
> With the rev. current for 6.2:
> relay web_test, session 1 (1 active), 0, 172.17.2.21 -> 172.16.1.30:80, done,
> OPTIONS
>
> //mxb
>
>> On 22 Oct 2017, at 21:02, Maxim Bourmistrov <[email protected]> wrote:
>>
>>
>>> On 22 Oct 2017, at 20:16, Maxim Bourmistrov <[email protected]> wrote:
>>>
>>> Hey,
>>> with rev 1.58 OPTIONS in relay_http.c got broken
>>> or at least logic inside relay_read_http().
>>> Quick fix is to set cre->toread=0 and break, but this is probably not what
>>> should be there.
>>>
>>> In my test case, from the client side I do an OPTIONS request, followed by
>>> a couple of GET.
>>> GET in the middle never gets caught and thus breaks intended usage.
>>>
>>> I’m doing a simple printf() debugging here to catch.
>>>
>>> cre->toread = strtonum(value, 0, LLONG_MAX, &errstr);
>>> printf("------ to read %lld\n", cre->toread);
>>>
>>>
>>> case HTTP_METHOD_GET:
>>> printf("GOT GET to read: %lld\n", cre->toread);
>>>
>>> case HTTP_METHOD_OPTIONS:
>>> printf("GOT OPT to read: %lld\n", cre->toread);
>>>
>>>
>>> The output with those in place from ’relayd -d’:
>>>
>>> host 10.6.128.38, check http code (1ms,http code ok), state up -> up,
>>> availability 100.00%
>>> GOT OPT to read: -2
>>> ------ to read 0
>>> ------ to read 214
>>> relay test_api_tls, session 1 (1 active), 0, 176.10.170.140 ->
>>> 10.6.128.20:80, done, OPTIONS
>>> GOT GET to read: -2
>>> ------ to read 214
>>> relay test_api_tls, session 2 (1 active), 0, 176.10.170.140 ->
>>> 10.6.128.36:80, done, GET
>>> ^Chce exiting, pid 96033
>>>
>>> //mxb
>>>
>>
>> With cre->toread=0 I catch it all
>>
>> relay test_api_tls, session 1 (1 active), 0, 176.10.170.140 ->
>> 10.6.128.20:80, done, OPTIONS GET
>> relay test_api_tls, session 2 (1 active), 0, 176.10.170.140 ->
>> 10.6.128.36:80, done, GET
>>
>> //mxb
>>
>
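
An added example, not part of the original thread or of relayd: a small Python check over `relayd -d` debug output in the format of the dump above. It flags sessions where the backend sent more final responses than the relay parsed requests, which is the pattern seen here when the GETs after OPTIONS reach the backend without the `match header` rules applied. The sample log is trimmed from the dump, session 2 is a constructed control, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Header lines as printed by relay_read_http in the dump above.
HEADER_RE = re.compile(r"relay_read_http: session (\d+): header '([^']*)'")
REQUEST_RE = re.compile(r"^([A-Z]+): \S+ HTTP/\d\.\d$")   # 'OPTIONS: /x HTTP/1.1'
RESPONSE_RE = re.compile(r"^HTTP/\d\.\d: (\d{3})\b")      # 'HTTP/1.1: 403 Forbidden'

# Constructed sample: session 1 is trimmed from the dump in this message,
# session 2 is a made-up healthy control.
SAMPLE_LOG = """\
relay_read_http: session 1: size 87, to read -2
relay_read_http: session 1: header 'OPTIONS: /options.php HTTP/1.1'
relay_read_http: session 1: header 'Host: test.jesper.office.se.domain.com'
relay_read_http: session 1: header 'HTTP/1.1: 200 OK'
relay_read_http: session 1: header 'Content-Length: 2'
relay_read_http: session 1: header 'HTTP/1.1: 403 Forbidden'
relay_read_http: session 1: header 'Content-Length: 8'
relay_read_http: session 1: header 'HTTP/1.1: 403 Forbidden'
relay_read_http: session 1: header 'Content-Length: 8'
relay_read_http: session 2: header 'GET: / HTTP/1.1'
relay_read_http: session 2: header 'HTTP/1.1: 200 OK'
"""

def summarize(log_text):
    """Return {session: {"requests": [methods], "responses": [codes]}}."""
    sessions = defaultdict(lambda: {"requests": [], "responses": []})
    for line in log_text.splitlines():
        m = HEADER_RE.search(line)
        if not m:
            continue
        sid, header = int(m.group(1)), m.group(2)
        if (req := REQUEST_RE.match(header)):
            sessions[sid]["requests"].append(req.group(1))
        # Interim 1xx responses do not answer a request, so skip them.
        elif (resp := RESPONSE_RE.match(header)) and int(resp.group(1)) >= 200:
            sessions[sid]["responses"].append(int(resp.group(1)))
    return dict(sessions)

def unparsed_requests(log_text):
    """Map session id -> number of backend responses with no parsed request,
    i.e. requests that passed through without header processing."""
    gaps = {sid: len(s["responses"]) - len(s["requests"])
            for sid, s in summarize(log_text).items()}
    return {sid: gap for sid, gap in gaps.items() if gap > 0}

if __name__ == "__main__":
    for sid, gap in unparsed_requests(SAMPLE_LOG).items():
        print(f"session {sid}: {gap} request(s) not seen by relay_read_http")
```

Run against a full `relayd -d` capture, any session it reports is one where a backend that relies on relay-set headers such as X-Forwarded-Port received requests the relay did not rewrite.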
