Apache and mod_proxy not handling HTTP 100-continue from client HTTP 417

'm building some webby magic and am using Apache to front our tomcat server, forwarding requests to tomcat on port 8080. I have an issue using Apache and mod_proxy to forward requests. It appears the client (a web application) sends an HTTP 100-continue to which Apache responds with a 417 Expectation Failed.

When I take Apache out of the picture and send requests directly to tomcat on port 8080, the request is successful and the client is sent a 200 OK.

My Apache config looks like:

ServerName abcproxy
DocumentRoot /apps/apache-content/default

AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript text/xml

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

ExpiresActive on
ExpiresDefault "access 0 seconds"

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

        ProxyPreserveHost On

CustomLog /apps/ocp-logs/apache/abcproxy.log combined

Anyone see where i'm going wrong?

Best Answer

Apache has a known and unresolved issue with Expect headers, see bug 46709 and bug 47087.

The issue is that some clients set the Expect header and only send the request headers before a PUT or POST of data. This allows the server to respond to errors/redirects/security violations prior to the client sending the request body (PUT or POST data). This is a laudable goal, but apparently, the client does not wait until it gets a response and just pushes out the body of the request, which results in the 417 error.

If you have control over a .NET client you can use ServicePointManager.Expect100Continue Property set to false, to override this behavior.

If you only have control over the server, it looks like you can either force HTTP 1.0 for those clients (perhaps based on user agent string) or force unset the Expect header using mod_header early on in the request.

To remove the Expect header from the request early using mod_headers use this config directive:

<IfModule mod_headers.c>
RequestHeader unset Expect early
</IfModule>

This works because the client is not actually waiting for the "100 Continue" response and acting as if the Expect header were not set.

Best Answer

Related Solutions

Apache is not sending 304 response (if mod_deflate and AddOutputFilterByType is enabled)

Apache – Tomcat cookies not working via the ProxyPass VirtualHost

Related Topic