relayd mixes up hosts

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

relayd mixes up hosts

Anthony J. Bentley-4
Hi,

I have httpd running two servers on two different ports:

    server "a" {
            listen on * port 8080
            root "/foo"
    }

    server "b" {
            listen on * port 8081
            root "/bar"
    }

/var/www/foo/ contains foo.html, and /var/www/bar/ contains bar.html.

I have relayd in front serving https, and redirecting requests to
/foo.html and /bar.html to the appropriate port:

    table <web1> { 127.0.0.1 }
    table <web2> { 127.0.0.1 }

    http protocol myremote {
            return error
            pass
            match request path "/foo.html" forward to <web1>
            match request path "/bar.html" forward to <web2>
    }

    relay example.com {
            listen on example.com port 443 tls
            protocol myremote

            forward to <web1> check tcp port 8080
            forward to <web2> check tcp port 8081
    }

If I use wget(1) to request foo.html and bar.html separately, it works:


$ wget https://example.com/foo.html; wget https://example.com/bar.html
--2018-11-14 03:16:21--  https://example.com/foo.html
Resolving example.com (example.com)... 192.168.2.15
Connecting to example.com (example.com)|192.168.2.15|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40 [text/html]
Saving to: ‘foo.html’

foo.html            100%[===================>]      40   201 B/s    in 0.2s    

2018-11-14 03:16:21 (201 B/s) - ‘foo.html’ saved [40/40]

--2018-11-14 03:16:21--  https://example.com/bar.html
Resolving example.com (example.com)... 192.168.2.15
Connecting to example.com (example.com)|192.168.2.15|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40 [text/html]
Saving to: ‘bar.html’

bar.html            100%[===================>]      40   206 B/s    in 0.2s    

2018-11-14 03:16:22 (206 B/s) - ‘bar.html’ saved [40/40]


However, if I make two requests from the same connection, relayd only
forwards to the first host:


$ wget https://example.com/foo.html https://example.com/bar.html
--2018-11-14 03:18:14--  https://example.com/foo.html
Resolving example.com (example.com)... 192.168.2.15
Connecting to example.com (example.com)|192.168.2.15|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40 [text/html]
Saving to: ‘foo.html’

foo.html            100%[===================>]      40  --.-KB/s    in 0s      

2018-11-14 03:18:14 (4.24 MB/s) - ‘foo.html’ saved [40/40]

--2018-11-14 03:18:14--  https://example.com/bar.html
Reusing existing connection to example.com:443.
HTTP request sent, awaiting response... 404 Not Found
2018-11-14 03:18:14 ERROR 404: Not Found.

FINISHED --2018-11-14 03:18:14--
Total wall clock time: 0.07s
Downloaded: 1 files, 40 in 0s (4.24 MB/s)

--
Anthony J. Bentley

Reply | Threaded
Open this post in threaded view
|

Re: relayd mixes up hosts

Claudio Jeker-3
On Wed, Nov 14, 2018 at 03:20:59AM -0700, Anthony J. Bentley wrote:

> Hi,
>
> I have httpd running two servers on two different ports:
>
>     server "a" {
>             listen on * port 8080
>             root "/foo"
>     }
>
>     server "b" {
>             listen on * port 8081
>             root "/bar"
>     }
>
> /var/www/foo/ contains foo.html, and /var/www/bar/ contains bar.html.
>
> I have relayd in front serving https, and redirecting requests to
> /foo.html and /bar.html to the appropriate port:
>
>     table <web1> { 127.0.0.1 }
>     table <web2> { 127.0.0.1 }
>
>     http protocol myremote {
>             return error
>             pass
>             match request path "/foo.html" forward to <web1>
>             match request path "/bar.html" forward to <web2>
>     }
>
>     relay example.com {
>             listen on example.com port 443 tls
>             protocol myremote
>
>             forward to <web1> check tcp port 8080
>             forward to <web2> check tcp port 8081
>     }
>
> If I use wget(1) to request foo.html and bar.html separately, it works:
>
>
> $ wget https://example.com/foo.html; wget https://example.com/bar.html
> --2018-11-14 03:16:21--  https://example.com/foo.html
> Resolving example.com (example.com)... 192.168.2.15
> Connecting to example.com (example.com)|192.168.2.15|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 40 [text/html]
> Saving to: ‘foo.html’
>
> foo.html            100%[===================>]      40   201 B/s    in 0.2s    
>
> 2018-11-14 03:16:21 (201 B/s) - ‘foo.html’ saved [40/40]
>
> --2018-11-14 03:16:21--  https://example.com/bar.html
> Resolving example.com (example.com)... 192.168.2.15
> Connecting to example.com (example.com)|192.168.2.15|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 40 [text/html]
> Saving to: ‘bar.html’
>
> bar.html            100%[===================>]      40   206 B/s    in 0.2s    
>
> 2018-11-14 03:16:22 (206 B/s) - ‘bar.html’ saved [40/40]
>
>
> However, if I make two requests from the same connection, relayd only
> forwards to the first host:
>
>
> $ wget https://example.com/foo.html https://example.com/bar.html
> --2018-11-14 03:18:14--  https://example.com/foo.html
> Resolving example.com (example.com)... 192.168.2.15
> Connecting to example.com (example.com)|192.168.2.15|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 40 [text/html]
> Saving to: ‘foo.html’
>
> foo.html            100%[===================>]      40  --.-KB/s    in 0s      
>
> 2018-11-14 03:18:14 (4.24 MB/s) - ‘foo.html’ saved [40/40]
>
> --2018-11-14 03:18:14--  https://example.com/bar.html
> Reusing existing connection to example.com:443.
> HTTP request sent, awaiting response... 404 Not Found
> 2018-11-14 03:18:14 ERROR 404: Not Found.
>
> FINISHED --2018-11-14 03:18:14--
> Total wall clock time: 0.07s
> Downloaded: 1 files, 40 in 0s (4.24 MB/s)
>

Known bug, relayd does select the forwarding host only at connection time.
After that the connection is kept for all requests. So keep-alive sessions
will behave differently and route stuff wrong considering your ruleset.
You have to turn of keep-alive to make this work with relayd. Sorry.

--
:wq Claudio