Question

Apache HTTP proxy work for some destination ip and receive 502 Bad Request from other destinations

Posted May 4, 2021 369 views
Apache

I’ve an HTTP proxy like this:

Listen 8240
<VirtualHost *:8240>

ProxyRequests On

<Proxy "*">
  SetEnv force-proxy-request-1.0 1
  SetEnv proxy-nokeepalive 1
</Proxy>

</VirtualHost>

If I try an HTTP GET to an ip:

curl -v http://10.85.235.206:58000/ConnectionRequest -x 10.221.63.90:8240
* About to connect() to proxy 10.221.63.90 port 8240
*   Trying 10.221.63.90... connected
* Connected to 10.221.63.90 (10.221.63.90) port 8240
> GET http://10.85.235.206:58000/ConnectionRequest HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 10.85.235.206:58000
> Pragma: no-cache
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Thu, 29 Apr 2021 10:53:29 GMT
< Server: Apache/2.4.46 (Unix)
< Content-Length: 0
* Connection #0 to host 10.221.63.90 left intact
* Closing connection #0

I receive 200 OK.

To another IP:

curl -v http://10.74.170.178:58000/ConnectionRequest -x 10.221.63.90:8240 
* About to connect() to proxy 10.221.63.90 port 8240
*   Trying 10.221.63.90... connected
* Connected to 10.221.63.90 (10.221.63.90) port 8240
> GET http://10.74.170.178:58000/ConnectionRequest HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 10.74.170.178:58000
> Pragma: no-cache
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 502 Bad Gateway
< Date: Thu, 29 Apr 2021 10:54:36 GMT
< Server: Apache/2.4.46 (Unix)
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=iso-8859-1
< Expires: Thu, 29 Apr 2021 10:54:36 GMT
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Bad Gateway</title>
</head><body>
<h1>Bad Gateway</h1>
<p>The proxy server received an invalid
response from an upstream server.<br />
</p>
</body></html>
* Connection #0 to host 10.221.63.90 left intact
* Closing connection #0

I receive 502 Bad Request. They are two different device, the first like request and respond OK, the second respond 502 but the request is the same with the same apache 2.4 http proxy. I have to update my apache configuration in order to work well also with the second device. But I don’t understand the difference. If I contact the second device directly without http proxy, it respond ok:

curl -v http://10.74.170.178:58000/ConnectionRequest 
* About to connect() to 10.74.170.178 port 58000
*   Trying 10.74.170.178... connected
* Connected to 10.74.170.178 (10.74.170.178) port 58000
> GET /ConnectionRequest HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 10.74.170.178:58000
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: 
< Server: Apache/2.0.40 (Red Hat Linux)
< Content-Length: 21
<          Connection: close
< Content-Type: text/plain; charset=ISO-8859-1
Connection #0 to host 10.74.170.178 left intact
* Closing connection #0

Why it doesn’t like request throw proxy ? Any help is precious. Many thanks

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hi there,

As the proxy configuration works with one server but not the other, what I could suggest is running telnet or an MTR from the 10.221.63.90 server to 10.74.170.178 on port 58000 and see if you get a successful connection.

If you have a firewall installed on one of the servers you might have to allow the connections on those specific ports.

Also do you get some more information in the Apache error log?

Regards,
Bobby

Hi Bobby, thanks for your response.
It is not a reachability problem. Both device are reachable on port 58000 with telnet. There aren’t firewall block. I suppose there is something in the http header that is different from direct request and request via apache proxy. Device doesn’t like the second and respond with 502. The scope is to find some configurations to introduce in apache proxy to simulate direct request in order to avoid 502 error.