Intermittently seeing wrong port

[chmac]

On our production server, with mod_rpaf installed, we intermittently see requests where the port has been set to 443, even though the request has no X-Port or X-Forwarded-Port header, and reached apache via port 80.

Both the server logs and PHP's $_SERVER['SERVER_PORT']; variable show 443. It happens anywhere from 3 in 20 to 12 in 20 times.

Any advice on how to debug the issue?

[chmac]

Managed to reproduce this issue consistently.

• Install a fresh Ubuntu 12.04 server (EC2 / Amazon / Virtualbox / whatever)
• sudo apt-get install libapache2-mod-php5
• Build and install mod_rpaf
• sudo rm /var/www/index.html
• echo '<?php usleep(rand(1000,100000)); var_dump($_SERVER);' | sudo tee /var/www/index.php

Run a couple of tests:

• for i in {1..1000}; do curl -s http://localhost/ | grep '"80"'; done | wc -l && for i in {1..1000}; do curl -s http://localhost/ | grep '"443"'; done | wc -l
• Should output 1000 and 0

Use siege to simulate traffic. Easiest option is to run 2 simultaneous siege processes in two terminals:

• siege --time=20M -c 15 -H 'X-Forwarded-For: 123.123.123.123' -H 'X-Forwarded-Port: 443' http://localhost/
• siege --time=20M -c 15 http://localhost/

Let siege run for a minute or two, then repeat the tests:

• for i in {1..1000}; do curl -s http://localhost/ | grep '"443"'; done | wc -l
• for i in {1..1000}; do curl -s http://localhost/ | grep '"80"'; done | wc -l

These final tests return some odd numbers in my tests. At first, instead of 1000 and 0, I get ~990 and ~10. So 99% of the requests are getting the wrong port. Some tests show 100% of requests with the wrong port.

Happy to provide more debugging information if necessary.

[y-ken]

I have hit same problem on my environment, too (CentOS 6.4).

[gnif]

Hi,

This is a known issue, it is caused by a race condition between threads setting the virtual host port. A simple way to work around this would be to run two virtual hosts, one for HTTPS requests, and the other for HTTP on separate ports. Currently there is no known way to fix this issue with Apache's internal design.

[y-ken]

I see. thank you for telling me the details.

[chmac]

Ahh, interesting. Thanks for the response. I've been testing exactly that, splitting the virtual hosts between http and https. It didn't seem to be 100% reliable, but I'll conduct some further tests. Open to a pull request explaining the issue in the readme?

[gnif]

Can someone please re-test this, it should be corrected.

[gnif]

Closing due to inactivity, assuming fixed until told otherwise.