DevHeads.net

Odd Date in http2 header

I just enabled http2 on our server and tested using curl. The test page is
a static html page with nothing but some random characters on it, and no
css or other secondary accesses.

The protocol line is set to allow http2
Protocols h2 h2c http/1.1

Everything seems to work with the exception of the date. The first file
following is the result of a curl head request BEFORE activating mod_http2
and the second one is after doing so. No other change to the httpd.conf
file.

curl --http2 -I <a href="http://192.168.1.6:/yrarc/yrex0001.html" title="http://192.168.1.6:/yrarc/yrex0001.html">http://192.168.1.6:/yrarc/yrex0001.html</a>
HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 26 Mar 2017 03:12:45 GMT
ETag: "c14-54b9999bf581b"
Accept-Ranges: bytes
Content-Length: 3092
Content-Type: text/html

curl --http2 -I <a href="http://192.168.1.6:/yrarc/yrex0001.html" title="http://192.168.1.6:/yrarc/yrex0001.html">http://192.168.1.6:/yrarc/yrex0001.html</a>
HTTP/1.1 101 Switching Protocols
Upgrade: h2c
Connection: Upgrade

HTTP/2 200
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Sun, 26 Mar 2017 03:12:45 GMT
etag: W/"c14-54b9999bf581b"
accept-ranges: bytes
content-length: 3092
content-type: text/html

Does anyone know why the date (arrowed) should be wrong and if it would
make any difference in the server operation? Or maybe what am I missing?

Thanks.

John
=====================================

Comments

Re: Odd Date in http2 header

By Konstantin Kolinko at 04/07/2017 - 03:53

2017-04-07 7:19 GMT+03:00 John Iliffe <john. ... at iliffe dot ca>:
1. What is exact version of your server?

2. If you say that "No other change to the httpd.conf file", what
caused the difference in ETag value?

3. Overall, this is strange.
If you do an HTTP/1.1 request (using curl without "--http2" flag),
does it respond with a correct Date header?

4. I wonder, whether the behaviour is affected by H2SerializeHeaders directive.
<a href="http://httpd.apache.org/docs/2.4/mod/mod_http2.html#h2serializeheaders" title="http://httpd.apache.org/docs/2.4/mod/mod_http2.html#h2serializeheaders">http://httpd.apache.org/docs/2.4/mod/mod_http2.html#h2serializeheaders</a>

Best regards,
Konstantin Kolinko

Re: Odd Date in http2 header

By John Iliffe at 04/07/2017 - 11:28

On Friday 07 April 2017 03:53:55 Konstantin Kolinko wrote:
apache-2.4.25 compiled from source running on Fedora 25
The only change I made was to uncomment the line:

LoadModule http2_module modules/mod_http2.so

the Protocol line was already present, but as noted in the docs ignores
protocols that are not available.
curl -I <a href="http://192.168.1.6:/yrarc/yrex0001.html" title="http://192.168.1.6:/yrarc/yrex0001.html">http://192.168.1.6:/yrarc/yrex0001.html</a>
HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Sun, 26 Mar 2017 03:12:45 GMT
ETag: "c14-54b9999bf581b"
Accept-Ranges: bytes
Content-Length: 3092
Content-Type: text/html
The H2SerializeHeaders directive is not present so it is taking the default
of off. I added it with the following result:

curl --http2 -I <a href="http://192.168.1.6:/yrarc/yrex0001.html" title="http://192.168.1.6:/yrarc/yrex0001.html">http://192.168.1.6:/yrarc/yrex0001.html</a>
HTTP/1.1 101 Switching Protocols
Upgrade: h2c
Connection: Upgrade

HTTP/2 200
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Sun, 26 Mar 2017 03:12:45 GMT
etag: "c14-54b9999bf581b"
accept-ranges: bytes
content-length: 3092
content-type: text/html

Re: Odd Date in http2 header

By Stefan Eissing at 04/08/2017 - 03:37

Hmm, interesting. I left H2SerializeHeaders in just for the case someone
runs into incompatibilities with the standard mod_http2 method. I almost
was about to rip it our since, until now, no one reported any differences.

I'd like to understand what is going on in your system and causing this
difference. I would guess that some module inserts a filter into request
processing that mod_http2 has trouble working with.

For example, where is that X-Frame-Options coming from? Do you
have just "standard" modules enabled? Would you mind reducing your
config for a vhost to the minimal set that still causes the problems and
share that?

Thanks!

-Stefan

Re: Odd Date in http2 header

By John Iliffe at 04/09/2017 - 13:53

Thanks for the response Stefan. Much appreciated.

The following results are from a vhost with the following configuration;
just the default vhost on a named virtual host system.

This is in the main server configuration and is REQUIRED by the e-commerce
folks (PCIA) to get a clean scan report ;-(

This is the first, therefore default, named virtual host entry. It is just
our test server so it has a plain vanilla configuration.

# Default host (<a href="http://www.iliffe.ca" title="www.iliffe.ca">www.iliffe.ca</a>)
# This one picks up all IP based hacker garbage too
<VirtualHost *:80>
ServerName <a href="http://www.iliffe.ca" title="www.iliffe.ca">www.iliffe.ca</a>
DocumentRoot /httpd/iliffe
Options FollowSymLinks
H2Direct on
</VirtualHost>
All the following were taken with:

In all cases the "H2SerializeHeaders on" directive is commented out.

First try, mod_http2 is active and the connect changes to http2. Note that
date is wrong and etag value is preceded by 'W/'

HTTP/2 200
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Mon, 03 Apr 2017 19:10:31 GMT
etag: W/"38a-54c47e9be9bda"
accept-ranges: bytes
content-length: 906
content-type: text/html
Following taken with mod_http2 commented out and "H2Direct on" directive in
all virtual hosts commented out (O/W it is a syntax error). Note that the
date is correct.
Now I uncomment mod_http2, "H2Direct on" and "H2SerializeHeaders on" Note
that the date is now correct again.

HTTP/2 200
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Mon, 03 Apr 2017 19:10:31 GMT
etag: "38a-54c47e9be9bda"
accept-ranges: bytes
content-length: 906
content-type: text/html
Hope that helps!

John
========================================
On Saturday 08 April 2017 03:37:25 Stefan Eissing wrote: