Ubuntu
apache2 package

Focal: Reverse proxy POST with with body length >1024 is missing body

Bug #2068529 reported by Wesley Hershberger
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
New
Undecided
Unassigned

Bug Description

POST requests to an apache2 server with the below configuration do not forward the message body if it is larger than 1024 bytes.

Affected versions:
apache2 2.4.41-4ubuntu3.17 in focal

Steps to reproduce:

sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http

Add /etc/apache2/sites-enabled/test_proxy.conf
```
Listen 9443
<VirtualHost *:9443>
        ServerName focal.cld.lan

        ProxyRequests Off
        ProxyPass "/" "http://127.0.0.1:8899/"
        ProxyPassReverse "/" "http://127.0.0.1:8899/"

        ErrorLog ${APACHE_LOG_DIR}/testproxy-error.log
        CustomLog ${APACHE_LOG_DIR}/testproxy-access.log combined
</VirtualHost>
```

sudo systemctl restart apache2
nc -k -l 8899

wget http://archive.ubuntu.com/ubuntu/dists/jammy-proposed/InRelease
curl -d "@InRelease" -H "Content-type: text/plain" -X POST http://127.0.0.1:9443/

Curl hangs for a while until the request times out.

EDIT: The first curl here succeeds, the second does not:

DATA=`tr -dc A-Za-z0-9 </dev/urandom | head -c 885; echo`; curl "Content-Disposition: form-data; name=\"data\"" --form "data=${DATA}" -X POST -k -v http://127.0.0.1:9443 -vvv

DATA=`tr -dc A-Za-z0-9 </dev/urandom | head -c 886; echo`; curl "Content-Disposition: form-data; name=\"data\"" --form "data=${DATA}" -X POST -k -v http://127.0.0.1:9443 -vvv

See original description
Revision history for this message
Paride Legovini (paride) wrote :

Hello Wesley, just to be sure: is this something you are going to work at (please assign the bug to yourself in this case), or do you expect the server team to work at this?

In any case I have a couple of questions:

- How do you determine that the problem happens with "body length >1000"? I don't see that in the bug description.

- How does apache2 from Jammy or later releases behave? Is the issue fixed there?

Thanks!

Changed in apache2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

From <email address hidden>:

On Thu, Jun 6, 2024 at 11:31 AM Paride Legovini <email address hidden> wrote:
> # https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2068529
> # Focal: Reverse proxy POST with with body length >1000 is missing body
>
> The bug comes from SEG, so I asked for clarification on what the
> expectations from the server team are. I also asked a couple of
> questions on the bug itself, and set it to Incomplete.

Thanks for the triage, Paride!

Just to clarify: I looked this up, and this bug doesn't come from SEG (Sustaining Engineering Group), but from one of the support teams: CSG (Cloud Support Group), DSG (Devices Support Group) -- we're all under Support Engineering (SE), but have different roles/activities.

In this particular case, it could not be escalated to SEG for analysis/fixing/SRU as the Ubuntu Pro subscriber/customer reporting it currently doesn't have the (optional) Support add-on,
so the bug was opened for tracking purposes only, AFAICT.

Please feel free to handle this in the regular process for bugs in Server.
If things change, we'll let you know.

Thanks!

Changed in apache2 (Ubuntu):
status: Incomplete → New
Revision history for this message
Wesley Hershberger (whershberger) wrote :

Thanks for the note Mauricio.

The bug is not present in Jammy.

I've edited the bug description to include a reproducer that reflects the message length limit.

description: updated
summary: - Focal: Reverse proxy POST with with body length >1000 is missing body
+ Focal: Reverse proxy POST with with body length >1024 is missing body
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.