Bug 121402

Summary:	data loss with apache-2.0.55 reverse proxy method=post
Product:	Gentoo Linux	Reporter:	Thomas Stein <himbeere>
Component:	Current packages	Assignee:	Apache Team - Bugzilla Reports <apache-bugs>
Status:	RESOLVED UPSTREAM
Severity:	normal	CC:	elwood, farcepest
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://issues.apache.org/bugzilla/show_bug.cgi?id=37145
Whiteboard:
Package list:		Runtime testing required:	---

Description Thomas Stein 2006-02-03 00:34:36 UTC

Hello.

There is a bug in apache 2.0 which leads to data loss with mod_proxy. 
http://issues.apache.org/bugzilla/show_bug.cgi?id=37145

The downloadable Patch solves this problem.

regards
t.

Comment 1 Michael Stewart (vericgar) (RETIRED) gentoo-dev

2006-02-03 18:13:23 UTC

2.0.56 should be out real soon now, which addresses this problem.

Comment 2 Jakub Moc (RETIRED) gentoo-dev

2006-02-06 11:03:24 UTC

*** Bug 121853 has been marked as a duplicate of this bug. ***

Comment 3 Nick Fankhauser 2006-04-20 01:59:03 UTC

Anyone know when the new apache will be in portage? Is there any fix possible without patching apache by hand?

Comment 4 Andy Dustman 2006-04-20 04:25:44 UTC

Oh yeah, it's "real soon now" as of early February.

The workaround I found is to install mod_security, which is probably a good idea anyway. mod_security pre-filters all requests so it avoids the mod_proxy breakage  which seems to related to how it handles streams.

Note that the default Gentoo mod_security configuration file breaks all kinds of things, and you should comment out/delete almost all the rules (most of them are nonsense, or examples of what you can do but probably shouldn't), and use something like the ruleset at modsecurity.org.

http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/aa-recommended_configuration.html

Comment 5 Nick Fankhauser 2006-04-20 11:13:46 UTC

Thanks a lot, that really fixed it and everythink still seems to work with mod_security!