Mark Sapiro wrote:
On 10/23/24 13:23, Gerald Vogt wrote:
I don't quite understand the relevance of the user accessing the localhost tcp port. Any local user can do that. I am trying to duplicate what Mailman does in an attempt to find the issue. I can access the template content with curl http://localhost:8000/mailman3/api/templates/list/community.lists.example.co... as well as curl http://lists.example.org/mailman3/api/templates/list/community.lists.example... as any user on the mailman server. How about curl -A 'python-requests/2.32.3' http://lists.example.org/mailman3/api/templates/list/community.lists.example...
as the Mailman user?
I have tried anything I could think of but I cannot reproduce the issue using curl as user mailman (or any other for that matter)
Going directly for localhost:8000, using some or all of the headers I can capture with tcpdump:
$ curl -v -H 'Accept-Encoding: gzip, deflate' -H 'Connection: Keep-Alive' -H 'Host: lists.example.org' -A 'python-requests/2.32.3' http://localhost:8000/mailman3/api/templates/list/community.lists.example.com/list:user:action:subscribe
as well as going through the local httpd:
$ curl -v --http1.1 -H 'Accept-Encoding: gzip, deflate' -H 'Connection: Keep-Alive' -H 'Host: lists.example.org' -A 'python-requests/2.32.3' https://lists.example.org/mailman3/api/templates/list/community.lists.example.com/list:user:action:subscribe
Running tcpdump during those runs shows me it's sending the same headers as mailman does. Thus on http protocol level it's the same, but still the server returns immediately.
What I have just noticed is that the Date header in the delayed response is the "late" time. I have even compared tcp headers from either capture. They look identical down to the frame sizes.
The only difference the last times is that with curl, the server side sends the ACK for the request and milliseconds later a PSH,ACK with the response headers. When it comes internally from mailman it sends the ACK for the request and then 5 seconds later it sends the PSH,ACK with the response headers.
Thanks,
Gerald