https://bz.apache.org/bugzilla/show_bug.cgi?id=65370
Bug ID: 65370
Summary: "not Websocket" loglevel too low or wrong response
code
Product: Apache httpd-2
Version: 2.4.38
Hardware: PC
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: mod_proxy_wstunnel
Assignee: bugs@httpd.apache.org
Reporter: baumgartnerniels@gmail.com
Target Milestone: ---
When a non WebSocket connection is made to a WebsScket endpoint, Apache returns
error 500. The cause of this only shows up in debug loglevel. In my opinion, a
500 response (aka. internal server ERROR) should not log to debug, but to a
higher level, eg. warn.
Example Log.
[2021-06-10 12:28:52.369642] [proxy_http:debug] 77.58.167.134:34602
YMHpZDtBmWovu2H73X2mGwAACQA AH01113: HTTP: declining URL
ws://10.252.161.101:17001/signalr/negotiate?enc_auth_token=XXX
[2021-06-10 12:28:52.369665] [proxy_wstunnel:debug] 77.58.167.134:34602
YMHpZDtBmWovu2H73X2mGwAACQA AH02900: declining URL
ws://10.252.161.101:17001/signalr/negotiate?enc_auth_token=XXX (not WebSocket,
Upgrade: header is missing)
Alternatively, a 400 Bad Request could be returned, as per RFC 6455.
4.2.1. Reading the Client's Opening Handshake
When a client starts a WebSocket connection, it sends its part of the
opening handshake. The server must parse at least part of this
handshake in order to obtain the necessary information to generate
the server part of the handshake.
The client's opening handshake consists of the following parts. If
the server, while reading the handshake, finds that the client did
not send a handshake that matches the description below (note that as
per [RFC2616], the order of the header fields is not important),
including but not limited to any violations of the ABNF grammar
specified for the components of the handshake, the server MUST stop
processing the client's handshake and return an HTTP response with an
appropriate error code (such as 400 Bad Request).
Even then, i think debug would be too low for logging this.
What do you think aboout this?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Bug ID: 65370
Summary: "not Websocket" loglevel too low or wrong response
code
Product: Apache httpd-2
Version: 2.4.38
Hardware: PC
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: mod_proxy_wstunnel
Assignee: bugs@httpd.apache.org
Reporter: baumgartnerniels@gmail.com
Target Milestone: ---
When a non WebSocket connection is made to a WebsScket endpoint, Apache returns
error 500. The cause of this only shows up in debug loglevel. In my opinion, a
500 response (aka. internal server ERROR) should not log to debug, but to a
higher level, eg. warn.
Example Log.
[2021-06-10 12:28:52.369642] [proxy_http:debug] 77.58.167.134:34602
YMHpZDtBmWovu2H73X2mGwAACQA AH01113: HTTP: declining URL
ws://10.252.161.101:17001/signalr/negotiate?enc_auth_token=XXX
[2021-06-10 12:28:52.369665] [proxy_wstunnel:debug] 77.58.167.134:34602
YMHpZDtBmWovu2H73X2mGwAACQA AH02900: declining URL
ws://10.252.161.101:17001/signalr/negotiate?enc_auth_token=XXX (not WebSocket,
Upgrade: header is missing)
Alternatively, a 400 Bad Request could be returned, as per RFC 6455.
4.2.1. Reading the Client's Opening Handshake
When a client starts a WebSocket connection, it sends its part of the
opening handshake. The server must parse at least part of this
handshake in order to obtain the necessary information to generate
the server part of the handshake.
The client's opening handshake consists of the following parts. If
the server, while reading the handshake, finds that the client did
not send a handshake that matches the description below (note that as
per [RFC2616], the order of the header fields is not important),
including but not limited to any violations of the ABNF grammar
specified for the components of the handshake, the server MUST stop
processing the client's handshake and return an HTTP response with an
appropriate error code (such as 400 Bad Request).
Even then, i think debug would be too low for logging this.
What do you think aboout this?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org