Bug 14246 - download.samba.org closes HTTP connection when TE header is sent
Summary: download.samba.org closes HTTP connection when TE header is sent
Status: RESOLVED FIXED
Alias: None
Product: Samba Web
Classification: Unclassified
Component: content (show other bugs)
Version: current
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Björn Jacke
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-23 08:26 UTC by Mathieu Parent
Modified: 2020-01-24 00:32 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mathieu Parent 2020-01-23 08:26:56 UTC 
With the following query, the webserver abruptly closes the connection:

(cat ; sleep 2) <<EOF | openssl s_client -connect download.samba.org:443
GET /pub/samba/ HTTP/1.1
TE: deflate, gzip;q=0.3
Connection: TE, close
Host: download.samba.org
User-Agent: Debian uscan

EOF

This one works:

(cat ; sleep 2) <<EOF | openssl s_client -connect download.samba.org:443
GET /pub/samba/ HTTP/1.1
Host: download.samba.org
User-Agent: Debian uscan

EOF

The reason is probably related to HTTP/2 were the "TE" header is forbidden unless set to "traillers".

Refs:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/TE
- https://tools.ietf.org/html/rfc7540#section-8.1.2.2


What is the webserver used?

If there is a reverse-proxy, it should probably drop TE headers unconditionally.

On Apache:

RequestHeader unset TE

On nginx:

proxy_set_header TE "";

Refs:
- http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
- https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
Comment 1 Björn Jacke 2020-01-24 00:32:46 UTC 
Thanks for the good report! I reported this upstream for haproxy (https://github.com/haproxy/haproxy/issues/464) and added workaround for now here.