Bug#418925: marked as done (apache2: mod_proxy_http / ProxyPass uses an invalid Host: header for backend requests)

To: Stefan Fritsch <sf@sfritsch.de>
Subject: Bug#418925: marked as done (apache2: mod_proxy_http / ProxyPass uses an invalid Host: header for backend requests)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 27 Jul 2008 15:06:22 +0000
Message-id: <[🔎] handler.418925.D418925.121717115428183.ackdone@bugs.debian.org>
References: <Pine.LNX.4.64.0807271702270.10762@eru.sfritsch.de> <20070412192001.10013.23887.reportbug@economo.snl.salk.edu>

Your message dated Sun, 27 Jul 2008 17:05:52 +0200 (CEST)
with message-id <Pine.LNX.4.64.0807271702270.10762@eru.sfritsch.de>
and subject line #418925 apache2: mod_proxy_http / ProxyPass uses an invalid Host: header for backend requests
has caused the Debian Bug report #418925,
regarding apache2: mod_proxy_http / ProxyPass uses an invalid Host: header for backend requests
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
418925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418925
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache2: mod_proxy_http / ProxyPass uses an invalid Host: header for backend requests
From: Chris Adams <cadams@salk.edu>
Date: Thu, 12 Apr 2007 12:20:01 -0700
Message-id: <20070412192001.10013.23887.reportbug@economo.snl.salk.edu>

Package: apache2
Version: 2.2.3-4
Severity: important


I have been replacing the sadly-unreliable apt-proxy with an Apache2
mod_cache setup. Opera's Debian archive turns out to be virtual hosted
and fails when used like this:

ProxyPass /opera http://deb.opera.com/opera smax=4 retry=60

tcpdump confirms that ProxyPass is using only "opera" for the host rather than
the "deb.opera.com" specified in the URL:

10:51:17.836508 IP (tos 0x0, ttl  64, id 44916, offset 0, flags [DF], proto: TCP (6), length: 210) economo.example.edu.60062 > 193.69.116.32.www: P, cksum 0x430c (incorrect (-> 0x2887), 0:158(158) ack 1 win 5840 <nop,nop,timestamp 1091036920 2193310869>
	0x0000:  4500 00d2 af74 4000 4006 486a c6ca 4617  E....t@.@.Hj..F.
	0x0010:  c145 7420 ea9e 0050 3ca1 4938 39f2 c73f  .Et....P<.I89..?
	0x0020:  8018 16d0 430c 0000 0101 080a 4107 e6f8  ....C.......A...
	0x0030:  82bb 4495 4745 5420 2f6f 7065 7261 2f20  ..D.GET./opera/.
	0x0040:  4854 5450 2f31 2e30 0d0a 486f 7374 3a20  HTTP/1.0..Host:.
	0x0050:  6f70 6572 610d 0a43 6f6e 6e65 6374 696f  opera..Connectio
	0x0060:  6e3a 2063 6c6f 7365 0d0a 5573 6572 2d41  n:.close..User-A
	0x0070:  6765 6e74 3a20 6375 726c 2f37 2e31 362e  gent:.curl/7.16.
	0x0080:  3020 2869 3338 362d 6170 706c 652d 6461  0.(i386-apple-da
	0x0090:  7277 696e 392e 3029 206c 6962 6375 726c  rwin9.0).libcurl
	0x00a0:  2f37 2e31 362e 3020 4f70 656e 5353 4c2f  /7.16.0.OpenSSL/
	0x00b0:  302e 392e 376c 207a 6c69 622f 312e 322e  0.9.7l.zlib/1.2.
	0x00c0:  330d 0a41 6363 6570 743a 202a 2f2a 0d0a  3..Accept:.*/*..
	0x00d0:  0d0a                                     ..

The same bug appears to affect everything else; fortunately the main debian
archives don't seem to rely on Host: being set correctly.

10:52:15.830760 IP (tos 0x0, ttl  64, id 22366, offset 0, flags [DF], proto: TCP (6), length: 232) economo.example.edu.60086 > debian-mirror.mirror.umn.edu.www: P, cksum 0x7ef6 (incorrect (-> 0xedfd), 0:180(180) ack 1 win 5840 <nop,nop,timestamp 1091094924 368582266>
	0x0000:  4500 00e8 575e 4000 4006 6496 c6ca 4617  E...W^@.@.d...F.
	0x0010:  8065 f0d4 eab6 0050 3fec 9fe3 3fe0 b32d  .e.....P?...?..-
	0x0020:  8018 16d0 7ef6 0000 0101 080a 4108 c98c  ....~.......A...
	0x0030:  15f8 1e7a 4745 5420 2f64 6562 6961 6e2f  ...zGET./debian/
	0x0040:  6469 7374 732f 7374 6162 6c65 2f52 656c  dists/stable/Rel
	0x0050:  6561 7365 2048 5454 502f 312e 300d 0a48  ease.HTTP/1.0..H
	0x0060:  6f73 743a 2064 6562 6961 6e0d 0a43 6f6e  ost:.debian..Con
	0x0070:  6e65 6374 696f 6e3a 2063 6c6f 7365 0d0a  nection:.close..
	0x0080:  5573 6572 2d41 6765 6e74 3a20 6375 726c  User-Agent:.curl
	0x0090:  2f37 2e31 362e 3020 2869 3338 362d 6170  /7.16.0.(i386-ap
	0x00a0:  706c 652d 6461 7277 696e 392e 3029 206c  ple-darwin9.0).l
	0x00b0:  6962 6375 726c 2f37 2e31 362e 3020 4f70  ibcurl/7.16.0.Op
	0x00c0:  656e 5353 4c2f 302e 392e 376c 207a 6c69  enSSL/0.9.7l.zli
	0x00d0:  622f 312e 322e 330d 0a41 6363 6570 743a  b/1.2.3..Accept:
	0x00e0:  202a 2f2a 0d0a 0d0a                      .*/*....


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-12-amd64-k8-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2 depends on:
ii  apache2-mpm-worker            2.2.3-4    High speed threaded model for Apac

apache2 recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 418925-done@bugs.debian.org

Subject: #418925 apache2: mod_proxy_http / ProxyPass uses an invalid Host: header for backend requests

From: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 27 Jul 2008 17:05:52 +0200 (CEST)

Message-id: <Pine.LNX.4.64.0807271702270.10762@eru.sfritsch.de>

This bug is not reproducible and has not received more information for along time. Closing.
--- End Message ---

Reply to:

Prev by Date: Bug#92052: Robocop poised for hot comeback
Next by Date: Bug#342141: marked as done (apache2: Apache2 weird forks (owned by root))
Previous by thread: Bug#92052: Robocop poised for hot comeback
Next by thread: Bug#342141: marked as done (apache2: Apache2 weird forks (owned by root))
Index(es):
- Date
- Thread