0

I have a centos 7 with a customized fresh httpd(2.4.46).

When the http/2 protocol's module is loaded, then in chrome browser - and only in chrome browser - in the case if I smash the refresh button on a page which API is hosted on the centos server, then after like 4-5 swift clicks the request status becomes 'pending' and stays like that forever.

If I go to incognito mode and log it with different user, I receive responses from the API. If I try to send a request in incognito with the same user - even login, which happens with a login token, then the request stays pending forever.

When I check the servers access_log, I can see requests in there but none of the ones stuck in pending.

If I make a user stuck like this, and then go and try a request with this user on firefox, I get response for some requests first, but then it stops responding too and the same happens in postman too.

I can not initiate this issue in postman.

After I'm waiting for a while - I spent some time trying to find some solution, which took like 10-20 minutes - I see, that if I resend the request in postman and firefox, I get response for them, then after I send 4-5 requests it stuck there again. In the meanwhile chrome is still stuck with the request.

In wireshark, what I see is that after the request in chrome gets stuck, it sends a TCP keep-alive package and receives acknowledge package in every ~45 seconds. I can't see the same about Postman and firefox.

The httpd is using mpm event module. Firefox communicates over TLSv1.2, chrome and postman uses TLSv1.3.

If I disable the http2 module, chrome still uses TLSv1.3 as expected without any issues.

API should be fine, it's used in the last 6-7 years and this issue never occurred before. Httpd on the other hand was compiled recently with TLSv1.3 and http/2 support.

So the question is, how can I solve this issue without turning off the module?

[Note] I don't think that anyone could give a quick answer, especially, because there are so many unknowns, but also if I get any other ideas for digging deeper into this, that would be very helpful too.

Random Dude
  • 101
  • 1
  • 4
  • I'm slightly confused. Do you mean that this only happens in Chrome but works in Firefox? – Michael Hampton Sep 23 '20 at 00:40
  • If I smash the refresh button of the chrome browser, then I can reproduce it just in 3-4-5 swift clicks. However I can not do the same if I try it in firefox. It's like if you smash the refresh button in chrome it happens due to race condition, but I can't say that surely. And it's like all the threads in httpd is taken, like when you attack with slow loris, but that doesn't make sense, because only a few request goes to the server before it occurs. To be fair, if I count that I can still use the webserver from an another browser when it happens for a while, then maybe I can count the limit. – Random Dude Sep 23 '20 at 08:17

0 Answers0