[Bug 61464] New: mod_authnz_fcgi uses a hard-coded value of 30 sec as the socket io timeout value

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 61464] New: mod_authnz_fcgi uses a hard-coded value of 30 sec as the socket io timeout value

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464

            Bug ID: 61464
           Summary: mod_authnz_fcgi uses a hard-coded value of 30 sec as
                    the socket io timeout value
           Product: Apache httpd-2
           Version: 2.4.16
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

- mod_authnz_fcgi uses a hard-coded 30 sec value as the socket IO timeout value
to write to and read from a back end FCGI Authorizer application.
- While this timeout value seems sufficient, in certain cases it may not be.
- Further, instead of hard-coding this parameter, a user should have an option
to be able to configure a suitable timeout of his choice.
- If none is specified, a certain default timeout (like the request timeout of
connection timeout) needs to be used.

Steps-to-repro:

1. Sample FCGI Authorizer application which can be started with fcgistarter:
   fcgistarter -c <fcgi app name> -p 5555 -i 127.0.0.1 -N 1
   (Refer to the fcgistarter documentation)
2. Note that in the above app, a sleep of 32 secs (any value greater than 30
sec) needs to be induced to repro the issue.
3. Configure the mod_authnz_fcgi module in httpd.conf:
   LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so

Actual results:
The httpd daemon returns an HTTP 503 Service Unavailable status code back to
the client after 30 secs. However, in the back end, the authentication was
handled (success or failure).

Expected results:
- The status code as returned from the FCGI application after authentication.
- Or, HTTP 503 service unavailable if the configured timeout elapses.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the socket io timeout value

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464

farhanz <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #1 from farhanz <[hidden email]> ---
Created attachment 35263
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35263&action=edit
An optional configurable socket io timeout parameter patch file for
mod_authnz_fcgi

An optional configurable socket IO timeout parameter patch file for
mod_authnz_fcgi.

This patch could be used for extending the AuthnzFcgiDefineProvider directive
to include an optional socket io timeout parameter. For e.g.:

AuthnzFcgiDefineProvider AuthnzFcgiDefineProvider authnz my-fcgi-app
fcgi://127.0.0.1:5555/ timeout=60

The above line sets the socket IO timeout to 60 secs.

If no timeout is specified, then the standard HTTP request timeout applies.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the socket io timeout value

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464

--- Comment #2 from farhanz <[hidden email]> ---
Created attachment 35264
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35264&action=edit
Use the request timeout directive value as the socket IO timeout value

Approach 2:

Utilise the HTTP request TimeOut directive value as the socket IO timeout
instead of the current hard-coded value of 30 secs.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the socket io timeout value

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464

Christophe JAILLET <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|All                         |mod_authnz_fcgi

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 61464] mod_authnz_fcgi uses a hard-coded value of 30 sec as the socket io timeout value

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61464

--- Comment #3 from [hidden email] ---
I can't seem to work it on SSL site.

my site is https://substarinc.com

Any suggestions?

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]