Bug 900827 (JBEWS-4)

Summary: Apache httpd returns 500 status code instead of custom status code when using mod_proxy
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: Lami Akagwu <lakagwu>
Component: httpdAssignee: Mladen Turk <mturk>
Status: CLOSED CURRENTRELEASE QA Contact: Libor Fuka <lfuka>
Severity: high Docs Contact:
Priority: high    
Version: 2.0.0CC: djuran, jawilson, jclere, jdoyle, jfclere, lakagwu, majoshi, mhasko, mhusnain, mturk, myarboro, pcheung, pslavice, rhatlapa, rsvoboda, weli
Target Milestone: ---   
Target Release: 2.0.1   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEWS-4
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
An issue with Apache http produces wrong status code when using mod_proxy http as a loadbalancer/proxy and a JSP with a custom status code. Instead of custom status code, 500 status code is returned. The bug in the Apache http has now been fixed. Using mod_proxy http as a loadbalancer/proxy and a JSP with a custom status code now returns the custom status code.
 Story Points: ---
Clone Of:
: 961377 (view as bug list) Environment:
Last Closed: 2014-01-03 12:58:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 956990    
Bug Blocks: 956987, 961377    
Attachments:
Description Flags
patch.txt
none
httpd-2.2.3-r693108.patch none

Description Lami Akagwu 2012-08-29 16:50:20 UTC 
Affects: Release Notes
Help Desk Ticket Reference: https://na7.salesforce.com/500A000000Atih9
Steps to Reproduce: Test Case :
JSP containing 

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%response.setStatus(230);%>
</body>
</html>

1) Run the command curl -i http://localhost:8080/test/testPage.jsp the status code is seen as HTTP/1.1 230 230 
2) Run the command  curl http://localhost/test/testPage.jsp  status code is HTTP/1.1 500 Internal Server Error

project_key: JBEWS

When a using mod_proxy http as a loadbalancer/proxy and a JSP with a custom status code (i.e outside the standard ones recorgnised by apache) , the status code is changed to err 500. 

Apache bugzilla with the fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44995
Comment 1 David Juran 2012-08-30 13:43:20 UTC 
I tried using AJP, but that still doesn't work. 

With AJP, the following ends up in the error log:

[Thu Aug 30 15:59:28 2012] [error] (70014)End of file found: ajp_ilink_receive() can't receive header
[Thu Aug 30 15:59:28 2012] [error] ajp_read_header: ajp_ilink_receive failed
[Thu Aug 30 15:59:28 2012] [error] (120006)APR does not understand this error code: proxy: read response failed from (null) (localhost)


This has been tested with httpd-2.2.3-65.el5_8 from RHEL5, but rumours has it the EWS version behaves the same.
Comment 2 Lami Akagwu 2012-08-30 15:50:24 UTC 
It turns out the wrong version of apache httpd, 2.2.22, was tested. There is no workaround for this with what is shipped with EWS 1.0.2 (httpd 2.2.17)
Removing described workaround
Comment 3 Lami Akagwu 2012-08-30 15:50:42 UTC 
Workaround Description: Removed: switch from mod_proxy http to mod_proxy ajp
Comment 4 Lami Akagwu 2012-08-30 16:09:26 UTC 
Link: Added: This issue Cloned to JBEWS-5
Comment 5 Jean-Frederic Clere 2012-09-02 09:34:50 UTC 
Attachment: Added: patch.txt
Comment 6 Jean-Frederic Clere 2012-09-02 09:35:52 UTC 
Could you please add the patch to the next production.-
Comment 7 Lami Akagwu 2012-11-26 11:59:12 UTC 
Link: Added: This issue Cloned to JBEWS-500
Comment 8 Permaine Cheung 2012-11-26 13:55:17 UTC 
Assigning EWS issue to Weinan.
Comment 9 Lami Akagwu 2013-04-09 14:18:10 UTC 
Needs to be synced with https://bugzilla.redhat.com/show_bug.cgi?id=853128
Comment 11 Weinan Li 2013-05-08 08:59:31 UTC 
Patch applied: 

httpd-2.2.22-18.ep6.el5
httpd-2.2.22-18.ep6.el6

Will be included in next release.
Comment 12 Mandar Joshi 2013-05-16 13:24:45 UTC 
Added DocText.

@Wei Nan Li, can you please review the Doc Text content?
Comment 13 Radim Hatlapatka 2013-05-23 19:49:53 UTC 
Checked for RHEL6 and it doesn't contain the fix, the error still occurs.
Comment 14 Radim Hatlapatka 2013-05-23 19:55:47 UTC 
Was checked with EWS 2.0.1.ER2
Comment 15 Weinan Li 2013-05-27 07:09:46 UTC 
I've found the RHEL6 zips extracted here are not correct:

http://download.devel.redhat.com/devel/candidates/JBEWS/JBEWS-2.0.1-ER2/

I've created a ticket to update the zips:

https://engineering.redhat.com/rt/Ticket/Display.html?id=205650

After this ticket get solved, we'll have the correct rhel6 zips.

Sorry for the mistake. After the rhel6 zips fixed I'll update this bz.
Comment 16 Libor Fuka 2013-05-28 13:18:02 UTC 
Not fixed in EWS 2.0.1 ER2 on Solaris and Windows builds
Comment 17 Weinan Li 2013-05-28 15:06:11 UTC 
Mladen, could you please help to check this? Thanks!
Comment 18 Mladen Turk 2013-05-28 15:22:32 UTC 
Sure. The patch wasn't applied to Windows/Solaris branch.
Weinan, What's the name of this patch in ep-6-rhel-5 branch?
Comment 19 Weinan Li 2013-05-29 06:25:50 UTC 
Created attachment 754195 [details]
httpd-2.2.3-r693108.patch

The patch name is: httpd-2.2.3-r693108.patch
Comment 20 Mladen Turk 2013-05-29 09:23:06 UTC 
OK.
However I don't see that patch applied to ep-6-rhel-5 branch.
Which branch you are using for RHEL-5 ews-httpd ?
I need a way to sync the .spec files with "something"
Comment 21 Weinan Li 2013-05-29 09:30:30 UTC 
Hi Mladen, I've checked the diff result on ep-6-rhel-5 and I see the patch is applied in a93388b35246c74aeddd09198dbef9bb9303a051: 

--- a/httpd.spec
+++ b/httpd.spec
@@ -18,7 +18,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.2.22
-Release: 18%{?dist}
+Release: 17%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
 Source1: index.html
@@ -70,7 +70,6 @@ Patch80: httpd-2.2.22-apr.patch
 Patch81: httpd-2.2.22-r815719+.patch
 Patch82: httpd-2.2.22-CVE-2012-2687.patch
 Patch83: httpd-2.2.22-bz894955.patch
-Patch84: httpd-2.2.3-r693108.patch

 License: ASL 2.0
 Group: System Environment/Daemons
@@ -202,8 +201,6 @@ Security (TLS) protocols.
 install -m755 $RPM_SOURCE_DIR/httpd.init \
        $RPM_BUILD_DIR/httpd-%{version}/httpd.init
 %patch83 -p0 -b .bz894955
-%patch84 -p1 -b .r693108
-
 mv $RPM_BUILD_DIR/httpd-%{version}/httpd.init \
        $RPM_SOURCE_DIR/httpd.init

@@ -622,9 +619,6 @@ rm -rf $RPM_BUILD_ROOT
 %endif

 %changelog
-* Wed May 08 2013 Weinan Li <weli> - 2.2.22-18
-- relax checks for status-line validity #853128
-
 * Thu May 02 2013 Weinan Li <weli> - 2.2.22-17
 - generate src zip correctly
Comment 22 Weinan Li 2013-05-29 09:31:00 UTC 
Hi Mladen, I've checked the diff result on ep-6-rhel-5 and I see the patch is applied in a93388b35246c74aeddd09198dbef9bb9303a051: 

--- a/httpd.spec
+++ b/httpd.spec
@@ -18,7 +18,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.2.22
-Release: 18%{?dist}
+Release: 17%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
 Source1: index.html
@@ -70,7 +70,6 @@ Patch80: httpd-2.2.22-apr.patch
 Patch81: httpd-2.2.22-r815719+.patch
 Patch82: httpd-2.2.22-CVE-2012-2687.patch
 Patch83: httpd-2.2.22-bz894955.patch
-Patch84: httpd-2.2.3-r693108.patch

 License: ASL 2.0
 Group: System Environment/Daemons
@@ -202,8 +201,6 @@ Security (TLS) protocols.
 install -m755 $RPM_SOURCE_DIR/httpd.init \
        $RPM_BUILD_DIR/httpd-%{version}/httpd.init
 %patch83 -p0 -b .bz894955
-%patch84 -p1 -b .r693108
-
 mv $RPM_BUILD_DIR/httpd-%{version}/httpd.init \
        $RPM_SOURCE_DIR/httpd.init

@@ -622,9 +619,6 @@ rm -rf $RPM_BUILD_ROOT
 %endif

 %changelog
-* Wed May 08 2013 Weinan Li <weli> - 2.2.22-18
-- relax checks for status-line validity #853128
-
 * Thu May 02 2013 Weinan Li <weli> - 2.2.22-17
 - generate src zip correctly
Comment 23 Mladen Turk 2013-05-29 10:30:37 UTC 
OK. Found it.
Beside thi I've applied the fixes for
CVE-2012-3499 and CVE-2012-4558 which were also missing.

I'll reassign once the builds are finished. Probably Friday
Comment 24 Misha H. Ali 2013-05-30 01:01:00 UTC 
Can someone confirm if this bug is currently on QA or verified? If so, can we set the status, please. If the status remains ASSIGNED, this bug is automatically sorted as an open (Known) issue in the release notes.
Comment 25 Weinan Li 2013-05-30 03:08:54 UTC 
This will be included in CR1.
Comment 26 Michal Haško 2013-06-06 15:04:57 UTC 
VERIFIED on EWS-2.0.1-CR1 on RHEL
Comment 27 Libor Fuka 2013-06-07 07:25:33 UTC 
Verified on EWS 2.0.1 CR1 on MS Windows 2008 32/64bit, MS Windows 2008R2 - OracleJDK1.6, OracleJDK1.7

Verified on EWS 2.0.1 CR1 on Solaris 10,11 Intel 32/64bit, Solaris SPARC 10, 11 - OracleJDK 1.6, 1.7