Hi Nick, replies inline...
On Mon, 1 May 2017 at 18:14 Nick Kew <[email protected]> wrote:
> On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote:
> > Hi list,
> > I'm seeing an unexpected behaviour when a 413 Request Entity Too
> > Large error occurs on a site proxied with Apache 2.4.25. There is an
> > ErrorDocument configured for this error but it does not show up as
> > (from the error page itself):
> > "Additionally, a 413 Request Entity Too Large error was
> > encountered while trying to use an ErrorDocument to handle the
> > request."
>
> I'm not clear on the division of responsibilities between
> your proxy and backend here. Is this Apache as proxy generating
> a recursive error? Is it the proxy or the backend that's rejecting
> the request (and thus generating a 413) in the first place?
> Is the 413 being generated due to a Content-Length header, or
> actual request data, or something else? Is there an
> Expect ... 100 Continue negotaition anywhere there?
>
Ah yes, not sure why I left out this crucial bit of information.
Apache is acting as a proxy with mod_security being used to limit the
maximum request sizes. The backend processes user uploads, and once in a
while, someone tries to upload something larger than normal. Instead of
rejecting the file on the different backends, we've decided to put the
rejection on the proxy using mod_security:
SecRequestBodyLimit 10240000
SecRequestBodyNoFilesLimit 102400
SecRequestBodyLimitAction Reject
So Apache is the one generating the 413, but we have a specific error
document on the backend that's shown to the user when the 413 error occurs:
(This is still a configuration line from the Apache proxy)
ErrorDocument 413 /ErrFileTooLarge
I assume mod_security does the size limit enforcement by both inspecting
the Content-Length header and the actual data.
>
> > I do see the error page being requested on the proxied site by
> > Apache, but Apache does not show it.
>
> What do you mean by an error page being requested?
>
> > Is this expected or unexpected behavior?
>
> No. That "Additionally ..." is fallback if normal processing fails.
>
> Can't be sure, but I suspect you've found a bug (the alternative
> is a configuration error). If you can come up with a test case
> to reproduce the behaviour, an entry in Bugzilla would be in order.
>
I would have expected Apache to still deliver the configured ErrorDocument
for a 413 error that mod_security/apache generates, but not sure if it is a
configuration problem or it has specifically been designed to behave that
way. Thought I'd confirm with the list first before opening an issue.
>
> --
> Nick Kew
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
