Affects: Release Notes Help Desk Ticket Reference: https://na7.salesforce.com/500A000000Atih9 Steps to Reproduce: Test Case : JSP containing <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Insert title here</title> </head> <body> <%response.setStatus(230);%> </body> </html> 1) Run the command curl -i http://localhost:8080/test/testPage.jsp the status code is seen as HTTP/1.1 230 230 2) Run the command curl http://localhost/test/testPage.jsp status code is HTTP/1.1 500 Internal Server Error project_key: JBEWS When a using mod_proxy http as a loadbalancer/proxy and a JSP with a custom status code (i.e outside the standard ones recorgnised by apache) , the status code is changed to err 500. Apache bugzilla with the fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44995
I tried using AJP, but that still doesn't work. With AJP, the following ends up in the error log: [Thu Aug 30 15:59:28 2012] [error] (70014)End of file found: ajp_ilink_receive() can't receive header [Thu Aug 30 15:59:28 2012] [error] ajp_read_header: ajp_ilink_receive failed [Thu Aug 30 15:59:28 2012] [error] (120006)APR does not understand this error code: proxy: read response failed from (null) (localhost) This has been tested with httpd-2.2.3-65.el5_8 from RHEL5, but rumours has it the EWS version behaves the same.
It turns out the wrong version of apache httpd, 2.2.22, was tested. There is no workaround for this with what is shipped with EWS 1.0.2 (httpd 2.2.17) Removing described workaround
Workaround Description: Removed: switch from mod_proxy http to mod_proxy ajp
Link: Added: This issue Cloned to JBEWS-5
Attachment: Added: patch.txt
Could you please add the patch to the next production.-
Link: Added: This issue Cloned to JBEWS-500
Assigning EWS issue to Weinan.
Needs to be synced with https://bugzilla.redhat.com/show_bug.cgi?id=853128
Patch applied: httpd-2.2.22-18.ep6.el5 httpd-2.2.22-18.ep6.el6 Will be included in next release.
Added DocText. @Wei Nan Li, can you please review the Doc Text content?
Checked for RHEL6 and it doesn't contain the fix, the error still occurs.
Was checked with EWS 2.0.1.ER2
I've found the RHEL6 zips extracted here are not correct: http://download.devel.redhat.com/devel/candidates/JBEWS/JBEWS-2.0.1-ER2/ I've created a ticket to update the zips: https://engineering.redhat.com/rt/Ticket/Display.html?id=205650 After this ticket get solved, we'll have the correct rhel6 zips. Sorry for the mistake. After the rhel6 zips fixed I'll update this bz.
Not fixed in EWS 2.0.1 ER2 on Solaris and Windows builds
Mladen, could you please help to check this? Thanks!
Sure. The patch wasn't applied to Windows/Solaris branch. Weinan, What's the name of this patch in ep-6-rhel-5 branch?
Created attachment 754195 [details] httpd-2.2.3-r693108.patch The patch name is: httpd-2.2.3-r693108.patch
OK. However I don't see that patch applied to ep-6-rhel-5 branch. Which branch you are using for RHEL-5 ews-httpd ? I need a way to sync the .spec files with "something"
Hi Mladen, I've checked the diff result on ep-6-rhel-5 and I see the patch is applied in a93388b35246c74aeddd09198dbef9bb9303a051: --- a/httpd.spec +++ b/httpd.spec @@ -18,7 +18,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.2.22 -Release: 18%{?dist} +Release: 17%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html @@ -70,7 +70,6 @@ Patch80: httpd-2.2.22-apr.patch Patch81: httpd-2.2.22-r815719+.patch Patch82: httpd-2.2.22-CVE-2012-2687.patch Patch83: httpd-2.2.22-bz894955.patch -Patch84: httpd-2.2.3-r693108.patch License: ASL 2.0 Group: System Environment/Daemons @@ -202,8 +201,6 @@ Security (TLS) protocols. install -m755 $RPM_SOURCE_DIR/httpd.init \ $RPM_BUILD_DIR/httpd-%{version}/httpd.init %patch83 -p0 -b .bz894955 -%patch84 -p1 -b .r693108 - mv $RPM_BUILD_DIR/httpd-%{version}/httpd.init \ $RPM_SOURCE_DIR/httpd.init @@ -622,9 +619,6 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog -* Wed May 08 2013 Weinan Li <weli> - 2.2.22-18 -- relax checks for status-line validity #853128 - * Thu May 02 2013 Weinan Li <weli> - 2.2.22-17 - generate src zip correctly
OK. Found it. Beside thi I've applied the fixes for CVE-2012-3499 and CVE-2012-4558 which were also missing. I'll reassign once the builds are finished. Probably Friday
Can someone confirm if this bug is currently on QA or verified? If so, can we set the status, please. If the status remains ASSIGNED, this bug is automatically sorted as an open (Known) issue in the release notes.
This will be included in CR1.
VERIFIED on EWS-2.0.1-CR1 on RHEL
Verified on EWS 2.0.1 CR1 on MS Windows 2008 32/64bit, MS Windows 2008R2 - OracleJDK1.6, OracleJDK1.7 Verified on EWS 2.0.1 CR1 on Solaris 10,11 Intel 32/64bit, Solaris SPARC 10, 11 - OracleJDK 1.6, 1.7