python - 如何解决: Truncated or oversized response headers received from daemon process

Question

我用谷歌搜索并阅读了许多网站，包括 stackoverflow 上的大部分相关文章，但我不知道如何解决这个错误:

“从守护进程接收到的响应 header 被截断或超大”

此服务器出现故障:

• Apache 2.2.15
• mod_wsgi 4.4.13

此服务器运行相同的代码但没有截断问题:

• Apache 2.4.6
• mod_wsgi 3.4

不幸的是，我无法选择升级 Apache 或降级 mod_wsgi 来让它工作。我已经尝试更改 header 缓冲区大小，但它似乎没有做任何事情(仍然失败):

http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html?highlight=truncated

header-buffer-size=nnn Defines the maximum size that a response header/value can be that is returned from a WSGI application. The default size is 32768 bytes. This might need to be overridden where excessively large response headers are returned, such as in custom authentication challenge schemes which use the WWW-Authenticate header.

关于如何解决这个问题有什么想法吗？

Chrome 开发工具输出:

响应 header :

HTTP/1.1 500 Internal Server Error Date: Wed, 07 Jun 2017 11:49:58 GMT
Server: Apache/2.2.15 (Red Hat) Content-Length: 644 Connection: close
Content-Type: text/html; charset=iso-8859-1 Request Headers view
source

请求 header :

    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Authorization:Basic 999999ZXQ0Myo=
Cache-Control:no-cache
Connection:keep-alive
Host:removed.the.url.for.security
Pragma:no-cache
Referer:https://removed.the.url.for.security/TeamStats/provstats/
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

编辑的 wsgi_ssl.conf 文件:

#get warning, already loaded
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule php5_module modules/libphp5.so
WSGISocketPrefix /var/run/wsgi
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
LDAPVerifyServerCert off
LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPConnectionTimeout 5

Listen 443
<VirtualHost *:443>
    TimeOut 120

    ServerName server.name.address:443
    ServerAdmin admin@address.com

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SetEnvIf User-Agent ".*MSIE.*" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0

    SSLCertificateFile /etc/pki/tls/certs/cert.crt
    SSLCertificateKeyFile /etc/pki/tls/private/cert.key
    SSLCertificateChainFile /etc/pki/tls/certs/cert.pem

    LogLevel error
    CustomLog /var/log/access_log combined
    ErrorLog /var/log/error_log

    WSGIPassAuthorization On
    WSGIApplicationGroup %{GLOBAL}

    DocumentRoot /var/www/html/documents
    <Directory /var/www/html/documents>
        Order allow,deny
        Allow from all
    </Directory>

    AddType text/html .php
    DirectoryIndex index.html index.php

    <FilesMatch \.php$>
        SetHandler application/x-httpd-php
    </FilesMatch>

    <Location />
        Order allow,deny
        Allow from all

        AuthType Basic
        AuthBasicProvider ldap
        AuthName "test name"
        AuthzLDAPAuthoritative on

        AuthLDAPURL "ldaps://address and parameters here"

        AuthLDAPBindDN "parameters here"
        AuthUserFile /dev/null
        AuthLDAPBindPassword password
        AuthLDAPRemoteUserAttribute sAMAccountName

        SSLRequireSSL
        Satisfy any
        #Require valid-user
    </Location>

    WSGIDaemonProcess test display-name=test threads=25 header-buffer-size=65536 inactivity-timeout=300
    WSGIScriptAlias /test /var/www/html/wsgi-scripts/test.wsgi process-group=test
    Alias /test/static /var/www/html/documents/test/static
    <Location /test>
        WSGIProcessGroup test
        Require ldap-user "username"
        Order deny,allow
        Deny from all
   </Location>
</VirtualHost>

LogLevel 设置为信息:

[Thu Jun 08 11:33:58 2017] [info] [client 0.0.0.0] mod_wsgi (pid=33568, process='test', application=''): Loading WSGI script '/var/www/html/wsgi-scripts/test.wsgi'.
[Thu Jun 08 11:34:07 2017] [error] [client 0.0.0.0] Truncated or oversized response headers received from daemon process 'test': /var/www/html/wsgi-scripts/test.wsgi, referer: https://url.address.net/test/

Answer 1

在我的例子中，我使用 aws EC2 和 eb 服务器，并且出现了相同的错误消息。仔细检查后发现这只是简单的内存错误。当我扩展我的实例时，问题就解决了。

来自 official page , 在 Elastic Beanstalk 控制台配置 EC2 实例:

1. 打开 Elastic Beanstalk 控制台。
2. 导航到您的环境的管理页面。
3. 选择配置。
4. 在实例配置卡上，选择修改

我已经尝试过上面列出的方法来解决问题，在03_scipy.config 文件中添加以下代码并将其保存到.ebextension 目录中。但是，它不起作用。

container_commands:  
  AddGlobalWSGIGroupAccess: 
    command: "if ! grep -q 'WSGIApplicationGroup %{GLOBAL}' ../wsgi.conf ; then echo 'WSGIApplicationGroup %{GLOBAL}' >> ../wsgi.conf; fi;"