xunker (xunker) wrote in apache,

Some Tips: "request failed: error reading the headers"

This post started out as a question, but in writing it out I figured out the problem and thought it may be of use to anyone who has the same problem since it was hard to come by information on it.

The situation: running Apache httpd 2.0 and using mod_rewrite to play low-cost load balancer to a farm of web servers. The LB machine is Redhat 9.0 with all but ports 22 and 80 firewalled. The servers on the web farm are Apache 1.3.x running, among other things, FastCGI and mod_perl.

The problem: the web servers in the far are dropping errors into the logs, once or twice a minute (but probably will be more by morning load) to the tune of "request failed: error reading the headers".

It seems to be a very select problem -- there are few relevant mentions of this one usenet or even the web, and many are reports of worms or the posts were never followed up on. I was ready to give up and blame httpd 2.0 or mod_perl. But...

I did some checking and creative grepping on my error and access logs on both the LB and the webheads and found something interesting. The errant requests were being passed from the httpd 2.0 front end, but the errors weren't directly caused by it.

Instead I found that these are errors cause by someone issuing a "proxy request" to my site; but since the load balancer is not (anymore) configured as a proxy, it passes those "CONNECT // HTTP/1.1" requests to the webheads. The webheads in turn either don't do proxying or have it disabled and thus throw errors: "request failed: error reading the headers".

This can be proved by running tail -f /var/log/httpd/error_log | grep headers in one window and tail -f /var/log/httpd/access_log | grep CONNECT in another -- whenever an "error reading the headers" message appears, a CONNECT message will also appear in the access log and they both will have the same timestamp.

So in the end, in cases such as this, these errors are safe to be ignored. But for the sake of the Internet and you pocketbook, make sure your install of Apache isn't configured as an open proxy :)

  • Post a new comment


    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment