-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Short write errors on http.handlers.reverse_proxy #128
Comments
Hey! |
Holy cow, I was not expecting an answer that fast ;) Thanks for the hint, I just did that, caddy 2.7.6 and coraza-caddy/v2@latest, and it's not better. |
@jcchavezs @M4tteoP any chance this is related to ResponseBodyLimit buffer? @bpizzi can you confirm the response content-length? |
We faced the |
Yep so I made some additional testing. With all versions of caddy/coraza-caddy, with no With Caddy 2.7.6 and coraza-caddy/v2@latest, the https connection fails in firefox with Getting back to Caddy 2.7.3 and coraza-caddy/v2 (not That's with:
Now if I switch And I'm pretty sure there's no Otherwise I can confirm that I'm able to trigger the waf on other remotes with the same caddy/coraza-caddy stack (while having the full ~200kb content when the waf is not triggered):
|
I got similar issue here.
when upstream server return a chunked response with size > 512 KB, If I disable |
coraza/http/interceptor.go:74, 触发 BodyLimitActionReject 或者 BodyLimitActionProcessPartial 会返回 0,导致 /usr/local/go/src/net/http/httputil/reverseproxy.go:459 在调用 dst.Write 后对比 nr\nw 抛出的 short write |
Hi,
I'm building coraza-caddy/v2 against caddy 2.7.5 (inside a
caddy:2.7.5-alpine
docker image):Then I'm running this image inside a docker container and configuring it to trigger the waf on requests that are reverse proxied to a remote inside a docker network (actually an apache/php-fpm stack inside another containter):
It works well for some of my remotes, but one is always triggering
short write
errors onhttp.handlers.reverse_proxy
(I've redacted some ip/host below):In that case, there's no
http.handlers.waf
errors.I've also tried and found the almost same behavior with caddy 2.7.6 and
xcaddy build --with github.com/corazawaf/coraza-caddy@master
:http.handlers.reverse_proxy/short write
in the logs.The the best of my knowledge, the only difference with the remote not working and the others is the size of the html page: the one triggering
short write
is 914kb, whereas the (non broken) others are below 500kb.Maybe I'm missing something in the configuration for handling a large content? Or it could be not related at all to the content size, in which case I would appreciate some direction where I could investigate.
Thanks!
The text was updated successfully, but these errors were encountered: