Mailing List Archive

mod_proxy_http2 setting Transfer-Encoding chunked for a GET request
Hi all,

today I stumbled into an unexpected request denial by a rule in the
mod_security Core Rule Set 3. It denies requests without body, that have
Transfer-Encoding chunked set.

When I send a normal GET request, without body, no Transfer-Encoding and
no Content-Length, to httpd and proxy it via mod_proxy_http2 to the same
server, the proxied request gets "Transfer-Encoding: chunked" added by
mod_proxy_http2 and is then denied by mod_security on the receiving
side. No such addition when using mod_proxy_http.

It seems to me, that "Transfer-Encoding: chunked" is not allowed for
http/2 (due to its always streaming behavior), and at least it is
unexpected for a GET or HEAD request.

Any chance we can get rid of it when proxying a request, that has no
body and doesn't bring the header by its own?

Should I open a PR in our bugzilla, or on the mod_h2 Github repos?

Thanks and best regards,

Rainer
Re: mod_proxy_http2 setting Transfer-Encoding chunked for a GET request [ In reply to ]
Hi Rainer,

> Am 28.09.2022 um 15:33 schrieb Rainer Jung <rainer.jung@kippdata.de>:
>
> Hi all,
>
> today I stumbled into an unexpected request denial by a rule in the mod_security Core Rule Set 3. It denies requests without body, that have Transfer-Encoding chunked set.
>
> When I send a normal GET request, without body, no Transfer-Encoding and no Content-Length, to httpd and proxy it via mod_proxy_http2 to the same server, the proxied request gets "Transfer-Encoding: chunked" added by mod_proxy_http2 and is then denied by mod_security on the receiving side. No such addition when using mod_proxy_http.
>
> It seems to me, that "Transfer-Encoding: chunked" is not allowed for http/2 (due to its always streaming behavior), and at least it is unexpected for a GET or HEAD request.
>
> Any chance we can get rid of it when proxying a request, that has no body and doesn't bring the header by its own?
>
> Should I open a PR in our bugzilla, or on the mod_h2 Github repos?

bugzilla seems good. this might affect more than http2.

We'll see what exactly happens. I suspect it is not mod_proxy_http2, but mod_http2 that adds "chunked" when the EOS of an incoming request has not been received yet and the request is started. If it has no content-length, mod_http2 must chunk the possibly still incoming request body.

This is in 2.4.x. In trunk we changed the filters to no longer require that.

>
> Thanks and best regards,
>
> Rainer
Re: mod_proxy_http2 setting Transfer-Encoding chunked for a GET request [ In reply to ]
Hi Stefan,

the PR is:

https://bz.apache.org/bugzilla/show_bug.cgi?id=66282

Let me know, in case you can not reproduce it, or I should test something!

Best regards,

Rainer