979129 – Apache return 500 error code on timeout instead of a 408

Bug 979129 - Apache return 500 error code on timeout instead of a 408

Summary: Apache return 500 error code on timeout instead of a 408

Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	httpd
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	6.1
Assignee:	Web Stack Team
QA Contact:	Filip Holec
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:	1162152
TreeView+	depends on / blocked

Reported:	2013-06-27 17:22 UTC by Leticia Konno
Modified:	2018-12-03 19:12 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit) Cause: mod_cgi returned 500 Internal Server Error error code when client failed to send the request before timeout. Consequence: Client received 500 Internal Server Error code instead of 408 Timeout error code. Fix: mod_cgi now returns 408 error code in this situation. Result: Client receives 408 error code in this situation. Cause: mod_cgi returned 500 Internal Server Error error code when client failed to send the request before timeout. Consequence: Client received 500 Internal Server Error code instead of 408 Timeout error code. Fix: mod_cgi now returns 408 error code in this situation. Result: Client receives 408 error code in this situation.
Clone Of:
Clones:	1162152 (view as bug list)
Environment:	(edit)
Last Closed:	2014-10-14 08:07:36 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1386	normal	SHIPPED_LIVE	httpd bug fix and enhancement update	2014-10-14 01:27:20 UTC

Description Leticia Konno 2013-06-27 17:22:24 UTC

Description of problem:

When an HTTP request is sent to apache, if one specifies the content-length request header of X bytes and server doesn't receive X number of bytes within timeout period, 500 Internal Server Error is returned to the client by apache. 

Version-Release number of selected component (if applicable):
httpd-2.2.15-15.el6_2.1.x86_64

How reproducible:

Setting up mod_dav on httpd to handle PUTs and called a PUT request through curl with a Content-Length header that mismatches the actual size of the PUT content. 

curl -k -v -i virtual1\\user1:test1 -H "Content-Type: text/plain; charset=utf-8" -H "Content-Length: 100" --data-binary 'test data' -X PUT "https://hostname/page"

Actual results:

It provides a 500 error code.

Expected results:

408 timeout code.

Additional info:

The reaction we get in this event (timing out before httpd receives the designated content-length) appears to depend on the module(s) ultimately used to serve that request.  In the instance of the mod_dav reproducer, the mod_dav module likely just sees it didn't get all the expected content and so can't successfully put the file and so 500s.  mod_dav likely doesn't specifically know that it doesn't get that content because httpd timed out the connection with the client and so it just provides a 500 for the mod_dav error putting that file, trumping any potential 408 provided instead at the base httpd level for such a timeout.

Comment 14 errata-xmlrpc 2014-10-14 08:07:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1386.html

Note You need to log in before you can comment on or make changes to this bug.