503 instead of 401 on webdav PUT without credentials

Nextcloud version: 20.0.4
Operating system and version: FreeBSD 12.2
Apache or nginx version: Apache/2.4.46
PHP version: 7.4.12 (fpm)

The issue you are facing:

I first noticed this when keepass2android was syncing the database. This client attempts a PUT without authentication headers and only includes those headers after receiving a 401.

The 401 is returned by php. Depending of the size of the PUT body, the result can be returned by php to apache while apache is still sending the body of the request. php will proceed to close the socket, causing apache to see a broken pipe. End-result is the client receives a 503 instead of a 401 and aborts.

I’m currently working around the issue by inserting a sleep if it is a PUT request without authentication headers.

Steps to replicate it:

  1. Create (or find) a sufficiently large file (I’m seeing it with a 120kB file over the network. Running this on the webserver itself probably requires a file of several MB. YMMV)
  2. PUT the file, eg curl -vT file https://nextcloud/remote.php/webdav/file

The output of your Nextcloud log in Admin > Logging:

nextcloud log contains no new entries when this happens. This doesn’t suprise me. All nextcloud itself sees is an unauthorized attempt to upload a file.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '*',
  'passwordsalt' => '*',
  'secret' => '*',
  'trusted_domains' => 
  array ( 0 => 'myfqdn',),
  'datadirectory' => '[...]data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => 'my url',
  'dbname' => '*',
  'dbhost' => '*',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '*',
  'dbpassword' => '*',
  'installed' => true,
  'mail_from_address' => 'nextcloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => '*',
  'updater.secret' => '*',
  'maintenance' => false,
  'loglevel' => 2,

The output of your Apache/nginx/system log in /var/log/____:

[proxy_fcgi:error] [pid 24785] (32)Broken pipe: [client x.x.x.x:37128] AH01075: Error dispatching request to : (sending stdin)
1 Like