
I have had several observations of Safari 8 and 9 sending POST requests to two different Apache 2.2.22 instances which are then passed on to a back-end REST API as GET requests. These happen sporadically, maybe once out of a hundred or more requests.

What I know for sure

  1. The client sends a POST request.
  2. In the instance I was able to capture in Wireshark, the HTTP request was broken into two TCP segments: the first containing all of the message headers including the blank line, the second the complete JSON body. Capture data included below.
  3. Apache logs the request as a GET. The GET request is handed to our REST API, which returns an error (response code 500 is used erroneously, it should be a 405) notifying the user that a POST was expected but a GET was received. Log example included below.
  4. Most of the messages I captured coming from the client around the one problematic observation were likewise broken into two TCP segments with the full header in the first and the body in the second. These POST requests were logged as POSTs by Apache and processed correctly.

Weak Assumptions

  1. This is only happening in Safari. The QA person reporting the problem works primarily in Firefox and occasionally in Safari 9 and Chrome; in any case, she is using El Capitan. A developer was able to reproduce the problem, but only in Safari 8 on Yosemite. The problem has never manifested in any browser but Safari.
  2. The problem manifests in Apache 2.2.22 but not Apache 2.4.16. The above observation occurred on two distinct Apache 2.2.22 instances. No attempts to recreate the problem, including using the hosts and clients mentioned above, were successful on an Apache 2.4 server.

Tinfoil-Hat Observations

  1. The content length of the misbehaving request was 123 bytes.
  2. The bad message was sent at precisely noon.

I am somewhat concerned here. I will be hard pressed to require that all of our customers upgrade from Apache 2.2 to 2.4, and I am in no way able to tell them they can't use Safari. Am I missing something obvious? Can anyone provide pointers that might help my investigation? Thanks in advance.

DETAILS FOLLOW

TCP Segment 1

0000   78 e3 b5 c6 2f 84 a8 86 dd 8d f5 3a 08 00 45 00  x.../......:..E.
0010   02 07 ee 8c 40 00 40 06 c7 5a c0 a8 00 bd c0 a8  ....@.@..Z......
0020   00 fc eb be 00 50 af 66 92 92 1e 67 2e a0 80 18  .....P.f...g....
0030   10 00 dd 1c 00 00 01 01 08 0a 33 9f f8 f4 91 af  ..........3.....
0040   75 0d 50 4f 53 54 20 2f 70 69 7a 7a 61 2f 72 65  u.POST /pizza/re
0050   73 74 2f 61 6c 6c 6f 63 61 74 69 6f 6e 2f 75 70  st/allocation/up
0060   64 61 74 65 3f 63 6f 75 6e 74 65 72 3d 34 30 20  date?counter=40 
0070   48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20  HTTP/1.1..Host: 
0080   31 39 32 2e 31 36 38 2e 30 2e 32 35 32 0d 0a 43  192.168.0.252..C
0090   6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70  ontent-Type: app
00a0   6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 0d 0a 4f  lication/json..O
00b0   72 69 67 69 6e 3a 20 68 74 74 70 3a 2f 2f 31 39  rigin: http://19
00c0   32 2e 31 36 38 2e 30 2e 32 35 32 0d 0a 43 6f 6e  2.168.0.252..Con
00d0   74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 33  tent-Length: 123
00e0   0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65  ..Connection: ke
00f0   65 70 2d 61 6c 69 76 65 0d 0a 41 63 63 65 70 74  ep-alive..Accept
0100   3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73  : application/js
0110   6f 6e 2c 20 74 65 78 74 2f 70 6c 61 69 6e 2c 20  on, text/plain, 
0120   2a 2f 2a 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a  */*..User-Agent:
0130   20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 4d 61   Mozilla/5.0 (Ma
0140   63 69 6e 74 6f 73 68 3b 20 49 6e 74 65 6c 20 4d  cintosh; Intel M
0150   61 63 20 4f 53 20 58 20 31 30 5f 31 30 5f 34 29  ac OS X 10_10_4)
0160   20 41 70 70 6c 65 57 65 62 4b 69 74 2f 36 30 30   AppleWebKit/600
0170   2e 37 2e 31 32 20 28 4b 48 54 4d 4c 2c 20 6c 69  .7.12 (KHTML, li
0180   6b 65 20 47 65 63 6b 6f 29 20 56 65 72 73 69 6f  ke Gecko) Versio
0190   6e 2f 38 2e 30 2e 37 20 53 61 66 61 72 69 2f 36  n/8.0.7 Safari/6
01a0   30 30 2e 37 2e 31 32 0d 0a 52 65 66 65 72 65 72  00.7.12..Referer
01b0   3a 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38  : http://192.168
01c0   2e 30 2e 32 35 32 2f 70 69 7a 7a 61 2f 70 69 72  .0.252/pizza/pir
01d0   2f 70 69 72 2e 68 74 6d 6c 0d 0a 41 63 63 65 70  /pir.html..Accep
01e0   74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75  t-Language: en-u
01f0   73 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69  s..Accept-Encodi
0200   6e 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74  ng: gzip, deflat
0210   65 0d 0a 0d 0a                                   e....

TCP Segment 2

0000   78 e3 b5 c6 2f 84 a8 86 dd 8d f5 3a 08 00 45 00  x.../......:..E.
0010   00 af f1 6e 40 00 40 06 c5 d0 c0 a8 00 bd c0 a8  ...n@.@.........
0020   00 fc eb be 00 50 af 66 94 65 1e 67 2e a1 80 18  .....P.f.e.g....
0030   10 00 fc d6 00 00 01 01 08 0a 33 9f f9 46 91 af  ..........3..F..
0040   79 f0 7b 22 6f 69 64 22 3a 34 34 33 35 32 33 30  y.{"oid":4435230
0050   37 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b  7,"properties":{
0060   22 72 65 74 75 72 6e 54 69 6d 65 22 3a 22 32 30  "returnTime":"20
0070   31 35 2d 31 31 2d 31 31 54 31 32 3a 30 31 3a 30  15-11-11T12:01:0
0080   30 2d 30 36 3a 30 30 22 7d 2c 22 73 65 73 73 69  0-06:00"},"sessi
0090   6f 6e 69 64 22 3a 22 33 44 44 32 45 43 30 42 2d  onid":"3DD2EC0B-
00a0   42 32 46 36 2d 34 37 46 33 2d 38 38 44 42 2d 30  B2F6-47F3-88DB-0
00b0   31 41 35 37 42 34 38 45 30 45 39 22 7d           1A57B48E0E9"}

Reassembled HTTP Request

0000   50 4f 53 54 20 2f 70 69 7a 7a 61 2f 72 65 73 74  POST /pizza/rest
0010   2f 61 6c 6c 6f 63 61 74 69 6f 6e 2f 75 70 64 61  /allocation/upda
0020   74 65 3f 63 6f 75 6e 74 65 72 3d 34 30 20 48 54  te?counter=40 HT
0030   54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 39  TP/1.1..Host: 19
0040   32 2e 31 36 38 2e 30 2e 32 35 32 0d 0a 43 6f 6e  2.168.0.252..Con
0050   74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69  tent-Type: appli
0060   63 61 74 69 6f 6e 2f 6a 73 6f 6e 0d 0a 4f 72 69  cation/json..Ori
0070   67 69 6e 3a 20 68 74 74 70 3a 2f 2f 31 39 32 2e  gin: http://192.
0080   31 36 38 2e 30 2e 32 35 32 0d 0a 43 6f 6e 74 65  168.0.252..Conte
0090   6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 33 0d 0a  nt-Length: 123..
00a0   43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70  Connection: keep
00b0   2d 61 6c 69 76 65 0d 0a 41 63 63 65 70 74 3a 20  -alive..Accept: 
00c0   61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e  application/json
00d0   2c 20 74 65 78 74 2f 70 6c 61 69 6e 2c 20 2a 2f  , text/plain, */
00e0   2a 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d  *..User-Agent: M
00f0   6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 4d 61 63 69  ozilla/5.0 (Maci
0100   6e 74 6f 73 68 3b 20 49 6e 74 65 6c 20 4d 61 63  ntosh; Intel Mac
0110   20 4f 53 20 58 20 31 30 5f 31 30 5f 34 29 20 41   OS X 10_10_4) A
0120   70 70 6c 65 57 65 62 4b 69 74 2f 36 30 30 2e 37  ppleWebKit/600.7
0130   2e 31 32 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65  .12 (KHTML, like
0140   20 47 65 63 6b 6f 29 20 56 65 72 73 69 6f 6e 2f   Gecko) Version/
0150   38 2e 30 2e 37 20 53 61 66 61 72 69 2f 36 30 30  8.0.7 Safari/600
0160   2e 37 2e 31 32 0d 0a 52 65 66 65 72 65 72 3a 20  .7.12..Referer: 
0170   68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 30  http://192.168.0
0180   2e 32 35 32 2f 70 69 7a 7a 61 2f 70 69 72 2f 70  .252/pizza/pir/p
0190   69 72 2e 68 74 6d 6c 0d 0a 41 63 63 65 70 74 2d  ir.html..Accept-
01a0   4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 0d  Language: en-us.
01b0   0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67  .Accept-Encoding
01c0   3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d  : gzip, deflate.
01d0   0a 0d 0a 7b 22 6f 69 64 22 3a 34 34 33 35 32 33  ...{"oid":443523
01e0   30 37 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a  07,"properties":
01f0   7b 22 72 65 74 75 72 6e 54 69 6d 65 22 3a 22 32  {"returnTime":"2
0200   30 31 35 2d 31 31 2d 31 31 54 31 32 3a 30 31 3a  015-11-11T12:01:
0210   30 30 2d 30 36 3a 30 30 22 7d 2c 22 73 65 73 73  00-06:00"},"sess
0220   69 6f 6e 69 64 22 3a 22 33 44 44 32 45 43 30 42  ionid":"3DD2EC0B
0230   2d 42 32 46 36 2d 34 37 46 33 2d 38 38 44 42 2d  -B2F6-47F3-88DB-
0240   30 31 41 35 37 42 34 38 45 30 45 39 22 7d        01A57B48E0E9"}

Apache Log Entry

192.168.0.189 - - [10/Nov/2015:12:00:00 -0600] "GET /pizza/rest/allocation/update?counter=40 HTTP/1.1" 500 4346 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/600.7.12 (KHTML, like Gecko) Version/8.0.7 Safari/600.7.12"
  • Michael: Quite right, I should have mentioned. Apache proxies for our REST API. It was the REST API that returned the 500 notifying the consumer that the GET request is invalid for the URI provided. I will update my post accordingly. – Lee T. Ayres Nov 11 '15 at 15:58
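
Added example (not part of the original post or its comments): one way to check a capture like the one above against the matching access-log entry is to decode the hex dumps, reassemble the TCP payload by sequence number, and compare the method on the wire with the method Apache logged. It assumes Ethernet II + IPv4 + TCP frames in Wireshark's hex-dump layout; the two frames and the log line are constructed samples, and all function names are hypothetical.

```python
import re
import struct

def parse_hexdump(text):
    """Wireshark-style 'offset  hex  ascii' rows -> raw frame bytes."""
    row = re.compile(r"\s*[0-9a-fA-F]{4}\s+((?:[0-9a-fA-F]{2} ?){1,16})")
    return b"".join(bytes.fromhex(m.group(1))
                    for m in map(row.match, text.splitlines()) if m)

def tcp_payload(frame):
    """(seq, payload) of one frame; assumes Ethernet II + IPv4 + TCP."""
    ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length
    ip_total = struct.unpack("!H", frame[16:18])[0]
    tcp = 14 + ihl
    seq = struct.unpack("!I", frame[tcp + 4:tcp + 8])[0]
    data_off = (frame[tcp + 12] >> 4) * 4          # TCP header incl. options
    return seq, frame[tcp + data_off:14 + ip_total]

def wire_request(dumps):
    """Reassemble by sequence number (no wraparound or gap handling)."""
    segs = sorted(tcp_payload(parse_hexdump(d)) for d in dumps)
    head, _, body = b"".join(p for _, p in segs).partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    hdrs = {k.lower(): v.strip() for k, v in (ln.split(":", 1) for ln in lines[1:])}
    return {"method": method, "target": target,
            "declared": int(hdrs.get("content-length", 0)), "received": len(body),
            "body_in_own_segment": len(segs[0][1]) == len(head) + 4}

def compare(dumps, log_line):
    """Set the request seen on the wire against the access-log entry."""
    wire = wire_request(dumps)
    method, target = re.search(r'"([A-Z]+) (\S+) HTTP/[\d.]+"', log_line).groups()
    return {**wire, "logged_method": method,
            "method_mismatch": wire["target"] == target and wire["method"] != method}

# Constructed sample (not the post's capture): headers, then a 2-byte body.
SEG_HEAD = """0000   00 00 00 00 00 02 00 00 00 00 00 01 08 00 45 00  ..............E.
0010   00 4f 00 00 40 00 40 06 00 00 c0 00 02 01 c0 00  .O..@.@.........
0020   02 02 c0 00 00 50 00 00 03 e8 00 00 00 01 50 18  .....P........P.
0030   10 00 00 00 00 00 50 4f 53 54 20 2f 78 20 48 54  ......POST /x HT
0040   54 50 2f 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d  TP/1.1..Content-
0050   4c 65 6e 67 74 68 3a 20 32 0d 0a 0d 0a           Length: 2...."""
SEG_BODY = """0000   00 00 00 00 00 02 00 00 00 00 00 01 08 00 45 00  ..............E.
0010   00 2a 00 00 40 00 40 06 00 00 c0 00 02 01 c0 00  .*..@.@.........
0020   02 02 c0 00 00 50 00 00 04 0f 00 00 00 01 50 18  .....P........P.
0030   10 00 00 00 00 00 7b 7d                          ......{}"""
LOG = '192.0.2.1 - - [01/Jan/2000:00:00:00 +0000] "GET /x HTTP/1.1" 500 0 "-" "-"'
```

Calling `compare([SEG_BODY, SEG_HEAD], LOG)` returns the wire method, the declared and received body lengths, whether the body arrived in its own segment, and a `method_mismatch` flag for the log entry.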
