Bug
Resolution: Done
Critical
httpd 2.4.37 SP7 GA
Description: jbcs-httpd24-httpd-2.4.37-70 causes an HTTP 400 error for an FQDN/URL with more than 14 characters, while it works well with jbcs-httpd24-httpd-2.4.37-66
Using jbcs-httpd24-httpd-2.4.37-70 as a forward proxy to connect with a backend EAP server, they are observing a behavior where jbcs-httpd24-httpd-2.4.37-70 throws an HTTP 400 error for an FQDN/URL with more than 14 characters, while it works well with jbcs-httpd24-httpd-2.4.37-66
2021-05-10T10:08:09,833 +0200 30.30.30.30 - - 319 "CONNECT example1.com:443 HTTP/1.1" 400 226 - "-" "curl/7.29.0" -> Failed with HTTP 400
2021-05-10T10:08:19,846 +0200 30.30.30.30 - - 213410 "CONNECT example2.com:443 HTTP/1.1" 200 - - "-" "curl/7.29.0" -> Succeeds with HTTP 200
It looks like if the URL has more than 14 characters then the following code in mod_proxy_http.c will cause an HTTP 400 error. In my observation this code is present in jbcs-httpd24-httpd-2.4.37-70 while it is not present in jbcs-httpd24-httpd-2.4.37-66.
    if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') {
        if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
                          "overlong proxy URL scheme in %s", url);
            return HTTP_BAD_REQUEST;
        }
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113)
                      "HTTP: declining URL %s", url);
        return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
    }
[Mon May 10 10:09:41.430142 2021] [core:trace5] [pid 29992:tid 140472651564800] protocol.c(710): [client 10.10.10.10:8080] Request received from client: CONNECT example1.com:443 HTTP/1.1
[Mon May 10 10:09:41.430206 2021] [core:debug] [pid 29992:tid 140472651564800] vhost.c(1186): [client 10.10.10.10:8080] AH02417: Replacing host header 'example1.com' with host 'example1.com:443' given in the request uri
[Mon May 10 10:09:41.430245 2021] [http:trace4] [pid 29992:tid 140472651564800] http_request.c(437): [client 10.10.10.10:8080] Headers received from client:
[Mon May 10 10:09:41.430252 2021] [http:trace4] [pid 29992:tid 140472651564800] http_request.c(441): [client 10.10.10.10:8080] User-Agent: Java/11.0.11
[Mon May 10 10:09:41.430256 2021] [http:trace4] [pid 29992:tid 140472651564800] http_request.c(441): [client 10.10.10.10:8080] Host: example1.com:443
[Mon May 10 10:09:41.430260 2021] [http:trace4] [pid 29992:tid 140472651564800] http_request.c(441): [client 10.10.10.10:8080] Accept: text/html, image/gif, image/jpeg, ; q=.2, */; q=.2
[Mon May 10 10:09:41.430265 2021] [http:trace4] [pid 29992:tid 140472651564800] http_request.c(441): [client 10.10.10.10:8080] Proxy-Connection: keep-alive
[Mon May 10 10:09:41.430323 2021] [proxy:trace2] [pid 29992:tid 140472651564800] proxy_util.c(2127): [client 10.10.10.10:8080] *: found forward proxy worker for example1.com:443
[Mon May 10 10:09:41.430329 2021] [proxy:debug] [pid 29992:tid 140472651564800] mod_proxy.c(1264): [client 10.10.10.10:8080] AH01143: Running scheme example1.com handler (attempt 0)
[Mon May 10 10:09:41.430351 2021] [proxy_http:error] [pid 29992:tid 140472651564800] [client 10.10.10.10:8080] AH10262: overlong proxy URL scheme in example1.com:443
[Mon May 10 10:09:41.430365 2021] [http:trace3] [pid 29992:tid 140472651564800] http_filters.c(1127): [client 10.10.10.10:8080] Response sent with status 400, headers:
[Mon May 10 10:09:41.430378 2021] [http:trace5] [pid 29992:tid 140472651564800] http_filters.c(1134): [client 10.10.10.10:8080] Date: Mon, 10 May 2021 08:09:41 GMT
[Mon May 10 10:09:41.430382 2021] [http:trace5] [pid 29992:tid 140472651564800] http_filters.c(1137): [client 10.10.10.10:8080] Server: Apache/2.4.37 (Red Hat)
[Mon May 10 10:09:41.430387 2021] [http:trace4] [pid 29992:tid 140472651564800] http_filters.c(956): [client 10.10.10.10:8080] Content-Length: 226
[Mon May 10 10:09:41.430391 2021] [http:trace4] [pid 29992:tid 140472651564800] http_filters.c(956): [client 10.10.10.10:8080] Connection: close
[Mon May 10 10:09:41.430395 2021] [http:trace4] [pid 29992:tid 140472651564800] http_filters.c(956): [client 10.10.10.10:8080] Content-Type: text/html; charset=iso-8859-1
[Mon May 10 10:05:53.275997 2021] [http:trace4] [pid 29541:tid 139860484474624] http_request.c(437): [client 20.20.20.20:8080] Headers received from client:
[Mon May 10 10:05:53.276004 2021] [http:trace4] [pid 29541:tid 139860484474624] http_request.c(441): [client 20.20.20.20:8080] Host: example2.com:443
[Mon May 10 10:05:53.276008 2021] [http:trace4] [pid 29541:tid 139860484474624] http_request.c(441): [client 20.20.20.20:8080] User-Agent: curl/7.29.0
[Mon May 10 10:05:53.276013 2021] [http:trace4] [pid 29541:tid 139860484474624] http_request.c(441): [client 20.20.20.20:8080] Proxy-Connection: Keep-Alive
[Mon May 10 10:05:53.276054 2021] [core:trace3] [pid 29541:tid 139860484474624] request.c(312): [client 20.20.20.20:8080] request authorized without authentication by access_checker_ex hook: example2.com:443
[Mon May 10 10:05:53.276078 2021] [proxy_connect:trace1] [pid 29541:tid 139860484474624] mod_proxy_connect.c(141): [client 20.20.20.20:8080] canonicalising URL example2.com:443
[Mon May 10 10:05:53.276101 2021] [proxy:trace2] [pid 29541:tid 139860484474624] proxy_util.c(2127): [client 20.20.20.20:8080] *: found forward proxy worker for example2.com:443
[Mon May 10 10:05:53.276108 2021] [proxy:debug] [pid 29541:tid 139860484474624] mod_proxy.c(1264): [client 20.20.20.20:8080] AH01143: Running scheme example2.com handler (attempt 0)
[Mon May 10 10:05:53.276143 2021] [proxy_http:debug] [pid 29541:tid 139860484474624] mod_proxy_http.c(1988): [client 20.20.20.20:8080] AH01113: HTTP: declining URL example2.com:443
[Mon May 10 10:05:53.276158 2021] [proxy_connect:trace1] [pid 29541:tid 139860484474624] mod_proxy_connect.c(184): [client 20.20.20.20:8080] serving URL example2.com:443
[Mon May 10 10:05:53.276166 2021] [proxy_connect:debug] [pid 29541:tid 139860484474624] mod_proxy_connect.c(201): [client 20.20.20.20:8080] AH01019: connecting example2.com:443 to example2.com:443
[Mon May 10 10:05:53.277528 2021] [proxy_connect:trace1] [pid 29541:tid 139860484474624] mod_proxy_connect.c(227): [client 20.20.20.20:8080] connecting to remote proxy example2.com on port 443
[Mon May 10 10:05:53.277556 2021] [proxy:trace2] [pid 29541:tid 139860484474624] proxy_util.c(2235): [client 20.20.20.20:8080] CONNECT: fam 2 socket created to connect to example2.com
[Mon May 10 10:05:53.282531 2021] [proxy_connect:trace2] [pid 29541:tid 139860484474624] mod_proxy_connect.c(265): [client 20.20.20.20:8080] setting up poll()
[Mon May 10 10:05:53.282570 2021] [proxy_connect:trace3] [pid 29541:tid 139860484474624] mod_proxy_connect.c(313): [client 20.20.20.20:8080] connection complete to 40.40.40.40:443 (example2.com)
[Mon May 10 10:05:53.282580 2021] [proxy_connect:trace1] [pid 29541:tid 139860484474624] mod_proxy_connect.c(336): [client 20.20.20.20:8080] Returning 200 OK
It looks like JBCS httpd 2.4.37 SP7 incorporated the following change, so this could be related to the behavior change:
This is a bug. The stripped scheme (protocol) from the url in the request line for the CONNECT method fools the code into considering the hostname as a scheme, limiting the hostname size to 14 bytes. It calculates the scheme length by trying to find the first occurrence of ':' and subtracting the address of the beginning of the url from its address, but as 'https:' isn't there it finds the ':' just before the port (':443'), actually limiting the size of the hostname instead of the scheme.
JBCS httpd 2.4.37 SP7 incorporated the following change, so this could be related to the behavior change:
And, on a quick look at the upstream code, such a check ((u - url) > 14) does not exist. It appears that the upstream code removed such code by the following change:
https://github.com/apache/httpd/commit/9f7d27daddf1c1df1f6f6b56c756c04fe51470b5
I have raised this JIRA to remove it from the code, i.e. to backport the patch: https://github.com/apache/httpd/commit/9f7d27daddf1c1df1f6f6b56c756c04fe51470b5
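Added example (not from this issue or from the httpd source): a stand-alone C reproduction of the length measurement described above, showing that for a CONNECT authority-form target the first ':' marks the end of the hostname, not of a scheme. The function names and hostnames are constructed for illustration, and scheme_aware_check_rejects() is an assumed variant, not the upstream patch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SCHEME_LEN 14   /* limit used by the check quoted in the report */

/* Offset of the first ':' in url, which the quoted check treats as the
 * scheme length; returns -1 when url contains no ':'. */
static long first_colon_offset(const char *url)
{
    const char *u = strchr(url, ':');
    return u ? (long)(u - url) : -1;
}

/* Mirrors the quoted length test for the no-scheme case:
 * 1 means the request would be answered with HTTP 400. */
static int page_check_rejects(const char *url)
{
    return first_colon_offset(url) > MAX_SCHEME_LEN;
}

/* Illustrative variant (assumption, not the upstream patch): only treat the
 * prefix as a scheme when "//" follows the ':' (absolute-form URL), so the
 * authority-form "host:port" used by CONNECT has no scheme to measure. */
static int scheme_aware_check_rejects(const char *url)
{
    const char *u = strchr(url, ':');
    if (!u || u[1] != '/' || u[2] != '/')
        return 0;
    return (u - url) > MAX_SCHEME_LEN;
}

int main(void)
{
    /* Constructed sample targets, not taken from the report's logs. */
    const char *samples[] = {
        "host14.example:443",                  /* 14-byte hostname */
        "host15x.example:443",                 /* 15-byte hostname */
        "a-long-backend-host.example:443",     /* 27-byte hostname */
        "https://a-long-backend-host.example/" /* real scheme, 5 bytes */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s colon@%ld quoted-check=%d scheme-aware=%d\n",
               samples[i], first_colon_offset(samples[i]),
               page_check_rejects(samples[i]),
               scheme_aware_check_rejects(samples[i]));
    return 0;
}
```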