modsecurity + auth_request hang

[chaoyun]

hi, Experts:
I meet some issue why enable modSecurity plus with auth_request + http/2.

If a request with POST data, it will hang there. But "GET" method works well.

There's a similar issue discussed in the kubernetes/ingress-nginx#1932
Disable modSecurity, it can work. Disable auth_request, it can also work. Using http1.1 can work too. Only the combination of "modSecurity"+"auth_request"+http1.1 cannot work.
Do you have any test for this case?

[chaoyun]

@defanator Hi, I see you fixed this issue #131. But with my latest test, seems it doesn't work. In your testcase, I see you use http/2, right?

[defanator]

@chaoyun in connector tests we are using both HTTP/1 and HTTP/2 where applicable. I believe there were some TODO-marked tests specifically for HTTP/2, and auth_request can be one of those. I need to refresh my memory about that topic.

[chaoyun]

@defanator Thanks for the reply. Waiting for your update. I checked the log in the modSecurity, seems it parsed the request, and there's no further log in both modSecurity and nginx. I don't know where it hung.

[zimmerle]

@chaoyun, @defanator

Is this still an issue?

[defanator]

@zimmerle last time I checked there was an issue with HTTP/2. I'll try to pick some time to refresh this one.

[zimmerle]

Thank you @defanator. Warming up a release. Checking on what could be closed.

[dcherniv]

@defanator @zimmerle just got bit by this one too. Specifically kibana is completely broken with modsecurity + oauth proxy, which is a common combination people use

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

[dcherniv]

/reopen