Opened 3 years ago
Closed 3 years ago
#2193 closed defect (invalid)
incorrect responce code for corrupted proxied request
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.18.x |
| Keywords: | Cc: | demenev.an@… | |
| uname -a: | Linux prometheus 5.4.0-26-generic #30-Ubuntu SMP Mon Apr 20 16:58:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-5J5hor/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module |
||
Description
Expected result: record on error log, 5xx responce
Actual result: on case of proxy cache to disk fail, responce 200 with random part of data
case to reproduce:
1 - install nginx with default config, set up reverse proxy (for grafana in my case)
2 - change user directive (in my case, from nginx to www-data)
3 - some part of /var/lib/nginx/proxy directory have previous user rights (for example - 3 directories of 10)
4 - reverse proxy send 200 ok responce and random part of data, without any errors or warnings
and only with debug_connection directive I can found, that part of cache directory has wrong file permissions.
Attachments (1)
Change History (2)
by , 3 years ago
| Attachment: | photo_2021-05-26_00-03-30.jpg added |
|---|
comment:1 by , 3 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
When nginx encounters a fatal error during processing of a request, such as in the scenario you've described when it is not possible to create a temporary file when it's needed, it is not possible to return an HTTP error, since HTTP response headers were already sent. As such, nginx logs the error and closes the connection to signal to the client that the response is terminated abnormally.
A properly written client should be able to tell that there was an error and the response wasn't completely received. If your client can't, consider reporting this to your client developers.
When the error happens, nginx logs an error message at "crit" level. It should look like this:
2021/05/25 23:53:42 [crit] 61676#100121: *4 open() "/path/to/proxy_temp/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 127.0.0.1, server: , request: "GET /t/1m HTTP/1.1", upstream: "http://127.0.0.1:8081/t/1m", host: "127.0.0.1:8080"
If you don't see such error messages, check your logging configuration, notably error_log directives in your config.
exapmle of cache directory permissions