Mailing List Archive: Weird issue with "H2Push" combined with FilesMatch

Weird issue with "H2Push" combined with FilesMatch

josestefan at hotmail

Oct 24, 2023, 8:31 AM

Post #1 of 8 (217 views)

Hello,

I have a weird issue while using "H2Push". I'm turning it off, but depending where it's nested it doesn't work as expected. Subset of config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS.

With the code as presented, it still triggers a push for "fileC.css". I expect NO push to happen as it is turned off before the"H2PushResource..." line.

Here's where I'm confused. I've performed the following individual tests:

* If I use the "H2Push off" outside of the FilesMatch (and comment the one inside), The push doesn't happen.
*
If I use both "H2Push off" and "H2PushResource..." outside of the FilesMatch (and comment the ones inside), The push doesn't happen.
* If I comment out the "H2PushResource..." inside the FilesMatch, the push doesn't happen. Therefore, I know the config is hitting that part.

It's only when both lines are inside the FilesMatch that I don't get the expected results. Yet the context for h2push reads:
Context: server config, virtual host, directory, .htaccess

The plan, eventually, is to enable just the early hints and not the push. But I haven't even gotten to testing that part yet. My version of httpd doesn't support "H2EarlyHint".

Subset of the config:
----------
H2Push on
...
<IfModule mod_ssl.c>
??????<VirtualHost *:443>
????????????...
????????????<IfModule http2_module>
??????????????????#H2EarlyHints on
??????????????????#H2Push off
??????????????????#H2PushResource /fileC.css
??????????????????<FilesMatch "^(fileA|fileB)\.php$">
????????????????????????H2Push off
????????????????????????H2PushResource /fileC.css
????????????????????????#H2EarlyHint ... Available in version 2.4.58 and later.
??????????????????</FilesMatch>
????????????</IfModule>
????????????...
??????</VirtualHost>
</IfModule>...

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

stormy22 at stormy

Oct 24, 2023, 9:55 AM

Post #2 of 8 (217 views)

On 2023-10-24 11:31, Jose Stefan wrote:
> Hello,
>
> I have a weird issue while using "H2Push". I'm turning it off, but
> depending where it's nested it doesn't work as expected. Subset of
> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> 22.04 LTS.
>
> With the code as presented, it still triggers a push for "fileC.css". I
> expect NO push to happen as it is turned off before
> the"H2PushResource..." line.

Quick question, not a solution. Does you php (or other static
environment) have any 'rel=preload'?
>
> Here's where I'm confused. I've performed the following individual tests:
>
> * If I use the "H2Push off" outside of the FilesMatch (and comment the
> one inside), The push doesn't happen.
> *
> If I use both "H2Push off" and "H2PushResource..." outside of the
> FilesMatch (and comment the ones inside), The push doesn't happen.
> * If I comment out the "H2PushResource..." inside the FilesMatch, the
> push doesn't happen. Therefore, I know the config is hitting that part.
>
> It's only when both lines are inside the FilesMatch that I don't get the
> expected results. Yet the context for h2push reads:
> Context: server config, virtual host, directory, .htaccess
>
> The plan, eventually, is to enable just the early hints and not the
> push. But I haven't even gotten to testing that part yet. My version of
> httpd doesn't support "H2EarlyHint".
>
> Subset of the config:
> ----------
> H2Push on
> ...
> <IfModule mod_ssl.c>
> ??????<VirtualHost *:443>
> ????????????...
> ????????????<IfModule http2_module>
> ??????????????????#H2EarlyHints on
> ??????????????????#H2Push off
> ??????????????????#H2PushResource /fileC.css
> ??????????????????<FilesMatch "^(fileA|fileB)\.php$">
> ????????????????????????H2Push off
> ????????????????????????H2PushResource /fileC.css
> ????????????????????????#H2EarlyHint ... Available in version 2.4.58 and
> later.
> ??????????????????</FilesMatch>
> ????????????</IfModule>
> ????????????...
> ??????</VirtualHost>
> </IfModule>...
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

josestefan at hotmail

Oct 24, 2023, 10:17 AM

Post #3 of 8 (217 views)

Hello Paul,

No, not that I am aware off. The push is only triggered by the "H2PushResource" directive shown. Which I tried to showcase with the 3rd test.

Within fileA.php and fileB.php the stylesheet is loaded with this line:
<link href="fileC.css" rel="stylesheet">

A tag within the html content, and not a header.

To perform my tests I'm mostly using the command line:
nghttp -vn URL

But to remove PHP from the equation. I've now peformed the following test.

1. saved the generated content as a static fileA.html
2. changed to this line: <Files "fileA.html">

And after the test I still get the push.

--Jose Stefan

________________________________
From: Paul <stormy22@stormy.ca>
Sent: Tuesday, October 24, 2023 12:55 PM
To: users@httpd.apache.org <users@httpd.apache.org>
Subject: Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

On 2023-10-24 11:31, Jose Stefan wrote:
> Hello,
>
> I have a weird issue while using "H2Push". I'm turning it off, but
> depending where it's nested it doesn't work as expected. Subset of
> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> 22.04 LTS.
>
> With the code as presented, it still triggers a push for "fileC.css". I
> expect NO push to happen as it is turned off before
> the"H2PushResource..." line.

Quick question, not a solution. Does you php (or other static
environment) have any 'rel=preload'?
>
> Here's where I'm confused. I've performed the following individual tests:
>
> * If I use the "H2Push off" outside of the FilesMatch (and comment the
> one inside), The push doesn't happen.
> *
> If I use both "H2Push off" and "H2PushResource..." outside of the
> FilesMatch (and comment the ones inside), The push doesn't happen.
> * If I comment out the "H2PushResource..." inside the FilesMatch, the
> push doesn't happen. Therefore, I know the config is hitting that part.
>
> It's only when both lines are inside the FilesMatch that I don't get the
> expected results. Yet the context for h2push reads:
> Context: server config, virtual host, directory, .htaccess
>
> The plan, eventually, is to enable just the early hints and not the
> push. But I haven't even gotten to testing that part yet. My version of
> httpd doesn't support "H2EarlyHint".
>
> Subset of the config:
> ----------
> H2Push on
> ...
> <IfModule mod_ssl.c>
> ??????<VirtualHost *:443>
> ????????????...
> ????????????<IfModule http2_module>
> ??????????????????#H2EarlyHints on
> ??????????????????#H2Push off
> ??????????????????#H2PushResource /fileC.css
> ??????????????????<FilesMatch "^(fileA|fileB)\.php$">
> ????????????????????????H2Push off
> ????????????????????????H2PushResource /fileC.css
> ????????????????????????#H2EarlyHint ... Available in version 2.4.58 and
> later.
> ??????????????????</FilesMatch>
> ????????????</IfModule>
> ????????????...
> ??????</VirtualHost>
> </IfModule>...
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

stormy22 at stormy

Oct 24, 2023, 11:01 AM

Post #4 of 8 (217 views)

On 2023-10-24 13:17, Jose Stefan wrote:

Please don't top-post

> No, not that I am aware off. The push is only triggered by the
> "H2PushResource" directive shown. Which I tried to showcase with the
> 3^rd test.
>
> Within fileA.php and fileB.php the stylesheet is loaded with this line:
> <link href="fileC.css" rel="stylesheet">
>
> A tag within the html content, and not a header.
>
> To perform my tests I'm mostly using the command line:
> nghttp -vn URL

^^^^^^
What version of Apache / httpd? What server system / version? I
personally had never heard of Nghttp, and their website appears to have
last been updated in 2015. (<https://nghttp2.org/>)

>
> But to remove PHP from the equation. I've now peformed the following test.
>
> 1. saved the generated content as a static fileA.html
> 2. changed to this line: <Files "fileA.html">
>
> And after the test I still get the push.
>
> --Jose Stefan
>
> ------------------------------------------------------------------------
> *From:* Paul <stormy22@stormy.ca>
> *Sent:* Tuesday, October 24, 2023 12:55 PM
> *To:* users@httpd.apache.org <users@httpd.apache.org>
> *Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with
> FilesMatch
> On 2023-10-24 11:31, Jose Stefan wrote:
>> Hello,
>>
>> I have a weird issue while using "H2Push". I'm turning it off, but
>> depending where it's nested it doesn't work as expected. Subset of
>> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
>> 22.04 LTS.
>>
>> With the code as presented, it still triggers a push for "fileC.css". I
>> expect NO push to happen as it is turned off before
>> the"H2PushResource..." line.
>
> Quick question, not a solution. Does you php (or other static
> environment) have any 'rel=preload'?
>>
>> Here's where I'm confused. I've performed the following individual tests:
>>
>>   * If I use the "H2Push off" outside of the FilesMatch (and comment the
>>     one inside), The push doesn't happen.
>>   *
>>     If I use both "H2Push off" and "H2PushResource..." outside of the
>>     FilesMatch (and comment the ones inside), The push doesn't happen.
>>   * If I comment out the "H2PushResource..." inside the FilesMatch, the
>>     push doesn't happen. Therefore, I know the config is hitting that part.
>>
>> It's only when both lines are inside the FilesMatch that I don't get the
>> expected results. Yet the context for h2push reads:
>> Context: server config, virtual host, directory, .htaccess
>>
>> The plan, eventually, is to enable just the early hints and not the
>> push. But I haven't even gotten to testing that part yet. My version of
>> httpd doesn't support "H2EarlyHint".
>>
>> Subset of the config:
>> ----------
>> H2Push on
>> ...
>> <IfModule mod_ssl.c>
>> ??????<VirtualHost *:443>
>> ????????????...
>> ????????????<IfModule http2_module>
>> ??????????????????#H2EarlyHints on
>> ??????????????????#H2Push off
>> ??????????????????#H2PushResource /fileC.css
>> ??????????????????<FilesMatch "^(fileA|fileB)\.php$">
>> ????????????????????????H2Push off
>> ????????????????????????H2PushResource /fileC.css
>> ????????????????????????#H2EarlyHint ... Available in version 2.4.58 and
>> later.
>> ??????????????????</FilesMatch>
>> ????????????</IfModule>
>> ????????????...
>> ??????</VirtualHost>
>> </IfModule>...
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

thumbs at apache

Oct 24, 2023, 11:09 AM

Post #5 of 8 (217 views)

On Tue, Oct 24, 2023 at 2:02?PM Paul <stormy22@stormy.ca> wrote:

> On 2023-10-24 13:17, Jose Stefan wrote:
>
> Please don't top-post
>
> > No, not that I am aware off. The push is only triggered by the
> > "H2PushResource" directive shown. Which I tried to showcase with the
> > 3^rd test.
> >
> > Within fileA.php and fileB.php the stylesheet is loaded with this line:
> > <link href="fileC.css" rel="stylesheet">
> >
> > A tag within the html content, and not a header.
> >
> > To perform my tests I'm mostly using the command line:
> > nghttp -vn URL
>
> ^^^^^^
> What version of Apache / httpd? What server system / version? I
> personally had never heard of Nghttp, and their website appears to have
> last been updated in 2015. (<https://nghttp2.org/>)
>
>
> >
> > But to remove PHP from the equation. I've now peformed the following
> test.
> >
> > 1. saved the generated content as a static fileA.html
> > 2. changed to this line: <Files "fileA.html">
> >
> > And after the test I still get the push.
> >
> > --Jose Stefan
> >
> > ------------------------------------------------------------------------
> > *From:* Paul <stormy22@stormy.ca>
> > *Sent:* Tuesday, October 24, 2023 12:55 PM
> > *To:* users@httpd.apache.org <users@httpd.apache.org>
> > *Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with
> > FilesMatch
> > On 2023-10-24 11:31, Jose Stefan wrote:
> >> Hello,
> >>
> >> I have a weird issue while using "H2Push". I'm turning it off, but
> >> depending where it's nested it doesn't work as expected. Subset of
> >> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> >> 22.04 LTS.
> >>
> >> With the code as presented, it still triggers a push for "fileC.css". I
> >> expect NO push to happen as it is turned off before
> >> the"H2PushResource..." line.
> >
> > Quick question, not a solution. Does you php (or other static
> > environment) have any 'rel=preload'?
> >>
> >> Here's where I'm confused. I've performed the following individual
> tests:
> >>
> >> * If I use the "H2Push off" outside of the FilesMatch (and comment the
> >> one inside), The push doesn't happen.
> >> *
> >> If I use both "H2Push off" and "H2PushResource..." outside of the
> >> FilesMatch (and comment the ones inside), The push doesn't happen.
> >> * If I comment out the "H2PushResource..." inside the FilesMatch, the
> >> push doesn't happen. Therefore, I know the config is hitting that
> part.
> >>
> >> It's only when both lines are inside the FilesMatch that I don't get
> the
> >> expected results. Yet the context for h2push reads:
> >> Context: server config, virtual host, directory, .htaccess
> >>
> >> The plan, eventually, is to enable just the early hints and not the
> >> push. But I haven't even gotten to testing that part yet. My version of
> >> httpd doesn't support "H2EarlyHint".
> >>
> >> Subset of the config:
> >> ----------
> >> H2Push on
> >> ...
> >> <IfModule mod_ssl.c>
> >> <VirtualHost *:443>
> >> ...
> >> <IfModule http2_module>
> >> #H2EarlyHints on
> >> #H2Push off
> >> #H2PushResource /fileC.css
> >> <FilesMatch "^(fileA|fileB)\.php$">
> >> H2Push off
> >> H2PushResource /fileC.css
> >> #H2EarlyHint ... Available in version 2.4.58 and
> >> later.
> >> </FilesMatch>
> >> </IfModule>
> >> ...
> >> </VirtualHost>
> >> </IfModule>...
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Keep in mind that nghttp2 is a build requirement for HTTP/2, which was
outlined in the threads pertaining to CVE 2033-44487. Testing with that
tool should be fine.

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

josestefan at hotmail

Oct 24, 2023, 11:11 AM

Post #6 of 8 (217 views)

Hello Paul,

Sorry, that's hotmail default behavior for replies. I have tried removing all default quoted text for this post and quoting manually to see how it turns out.

What version of Apache / httpd? What server system / version? I
personally had never heard of Nghttp, and their website appears to have
last been updated in 2015. (<https://nghttp2.org/>)

The Information you've asked is in the 1st post:
version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS.

Nghttp, is a command line tool similar to curl which supports showing the http2 push. I tried with curl, but while libcurl does support http2 push, the command line tool has no way of showing that information. AFAIK.

--Jose Stefan

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

stormy22 at stormy

Oct 24, 2023, 11:36 AM

Post #7 of 8 (217 views)

On 2023-10-24 14:09, Frank Gingras wrote:
[snip]
>
> Keep in mind that nghttp2 is a build requirement for HTTP/2, which was
> outlined in the threads pertaining to CVE 2033-44487. Testing with that
> tool should be fine.

Good point, thanks. I had missed it. In the Ubuntu world (nearly all of
my servers) <https://ubuntu.com/security/CVE-2023-44487> starts with the
statement that "The nginx developers do not consider nginx to be
affected by this issue" and seeing that I systematically use nginx as a
front end, I didn't read further -- my bad. Thanks Frank.

Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Weird issue with "H2Push" combined with FilesMatch [ In reply to ]

josestefan at hotmail

Oct 25, 2023, 5:38 PM

Post #8 of 8 (209 views)

Hello,

I decided to re-create the problem on a fresh install. I used 2 win64 releases provided by apachelounge.com

* httpd-2.4.54-win64-VC15.zip
* httpd-2.4.58-win64-VS17.zip

I configured only the bare minimum needed to re-create the problem. They are both configured the same, and they both have ssl and http2 enabled.

I could only re-create the problem on the first build, I had no issue with 2.4.58. Therefore, I believe my issue might be a bug that has since been corrected. The website doesn't archive all releases, so I can't test exactly which version makes the difference.

Note that 2.4.54 is newer than the one provided on Ubuntu 22.04 LTS.

I'm using the versions provided by ubuntu for simplicity. Seem my options are:

* Update ubuntu to a newer release and use their repo, but none feature 2.4.58 so far, and I don't know if builds in between the ones I tested are fixed or not.
* Install the latest httpd from elsewhere and not the ubuntu repo.
* Redo the config in a way that doesn't trigger the bug.

--Jose Stefan