3

A servlet engine (Jetty) is running behind an Apache Httpd server, forwarded using mod_proxy_http. This is running a small servlet that accepts PUT requests and is authenticated using HTTP Basic authentication (handled within Jetty).

When doing a direct (non-proxied) PUT request with curl, using the wrong authentication credentials, the server returns a 401 status code as expected:

curl -v -T testfile -u user:WRONG_PASSWORD http://localhost:8080/myservlet/

This interrupts the requests as soon as the status code is received, so curl doesn't upload the whole body, but stops early (HTTP error before end of send, stop sending).

* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1... connected
* Server auth using Basic with user 'user'
> PUT /myservlet/testfile HTTP/1.1
> Authorization: Basic xxxxxxxxxxxxxxxxx
> User-Agent: curl/7.22.0
> Host: localhost:8080
> Accept: */*
> Content-Length: 3672
> Expect: 100-continue
> 
< HTTP/1.1 401 Unauthorized
< Date: xxxxxxxxxxxxxxxx
* Authentication problem. Ignoring this.
< WWW-Authenticate: basic realm="Test Realm"
< Content-Length: 0
< Server: Jetty(7.4.5.v20110725)
* HTTP error before end of send, stop sending
< 
* Closing connection #0

In contrast, when behind mod_proxy_http, there's a 100 Continue response sent almost straight away by Apache Httpd, which curl does interpret as continue, so it sends the entire request (We are completely uploaded and fine) before it eventually gets the 401 response.

*   Trying 127.0.0.1... connected
* Server auth using Basic with user 'user'
> PUT /myservlet/testfile HTTP/1.1
> Authorization: Basic xxxxxxxxxxxxxxxxx
> User-Agent: curl/7.22.0
> Host: localhost
> Accept: */*
> Content-Length: xxxxxx
> Expect: 100-continue
> 
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 401 Unauthorized
< Date: xxxxxxxxxxxxxxxx
< Server: Jetty(7.4.5.v20110725)
* Authentication problem. Ignoring this.
< WWW-Authenticate: basic realm="Test Realm"
< Content-Length: 0
< Via: 1.1 localhost
< Content-Type: xxxxxxxxxxxxxx
< 
* Connection #0 to host localhost left intact
* Closing connection #0

Is there a way to prevent mod_proxy_http from using the 100 Continue code and to make it wait for the 401 status code from the backend server before sending its first response?

I've tried to follow the following suggestion from this question, but this didn't solve the problem (it wasn't quite the same problem anyway):

    ProxyPass /myservlet/ http://localhost:8080/myservlet/
    <Location /myservlet/>
            RequestHeader unset Expect early
    </Location>
Community
  • 1
Bruno
  • 4,099
  • 1
  • 21
  • 37
  • Interesting. I don't think this is a solution.. but maybe try setting `ProxyIOBufferSize 512` and `ProxyReceiveBufferSize 512`. Since your `POST` is smaller than the default 8k buffers, I'm curious if having these in place will kill the transfer before it completes. – Shane Madden Jan 26 '12 at 01:45
  • I have the very same problem and here is the report: https://bz.apache.org/bugzilla/show_bug.cgi?id=60330 – Michael-O Jul 04 '18 at 16:00

0 Answers0