relayd gives 4xx errors on backend http protocol errors

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

relayd gives 4xx errors on backend http protocol errors

Nick Guenther-2
>Synopsis: relayd gives 4xx errors on backend http protocol errors, but should give 5xx
>Category: system
>Environment:
        System      : OpenBSD 6.6
        Details     : OpenBSD 6.6 (GENERIC.MP) #372: Sat Oct 12 10:56:27 MDT 2019
                         [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

        Architecture: OpenBSD.amd64
        Machine     : amd64

>Description:

        When proxying HTTP, if relayd receives invalid HTTP from a backend server
        it reports either "406 Not Acceptable" or "400 Bad Request", depending.
        Both of theses codes imply that the /user/ did something wrong, but in
        fact the server faulted so it should be a "500 Internal Server Error".

>How-To-Repeat:

        ```
        $ cat > relayd.conf <<EOF                                                                                                        
        table <web> { "127.0.0.1" }

        http protocol web {
                # Return HTTP/HTML error pages to the client
                return error
        }

        relay web {
                listen on 0.0.0.0 port 80

                protocol web
                forward to <web> port 8080
        }
        EOF
        $ doas relayd -f relayd.conf
        ```

        i. No backend => 500 Internal Server Error (expected)

        ```
        $ curl -f http://localhost/ 
        curl: (22) The requested URL returned error: 500 Internal Server Error
        ```

        ii. "" => 406 Not Acceptable (bug!)

        ```
        $ echo | nc -v -l 8080 >/dev/null
        Listening on 0.0.0.0 8080
        Connection received on localhost 11230
        ```

        ```
        $ curl -f http://localhost/ 
        curl: (22) The requested URL returned error: 406 Not Acceptable
        ```

        iii. invalid content => 400 Bad Request (bug!)

        Here we pretend we accidentally proxied to an ssh server instead of http:

        ```
        $ echo "SSH-2.0-OpenSSH_6.2" | nc -v -l 8080 >/dev/null
        Listening on 0.0.0.0 8080
        Connection received on localhost 7965
        ```

        ```
        $ curl -f http://localhost/ 
        curl: (22) The requested URL returned error: 400 Bad Request
        ```

        iv. valid http => 200 OK (expected)

        ```
        $ nc -v -l 8080 > /dev/null <<EOF
        HTTP/1.1 200 OK
        Content-Length: 10

        123456789
        EOF
        Listening on 0.0.0.0 8080
        Connection received on localhost 18690
        ```

        ```
        $ curl -f http://localhost/ 
        123456789
        ```