Elastica icon indicating copy to clipboard operation
Elastica copied to clipboard
verified publisher icon ruflin

Sending two requests for establishing a new connection with authentication

Open HamoonDBA opened this issue 5 years ago • 1 comments

We have an Elastic cluster that uses basic authentication.

Our PHP application uses Elastica to connect to the elastic server.

Today I found a strange problem in the application

It seems when we execute a query on elastic, Elastica first tries to establish a connection without credentials and when it got a credential error, It tries again to use the credentials.

We saw this behavior on the access log web server.

I have attached an image of the log.

image

As you see at first it got 401 status code, then it sent the second request (with credentials) and it got 400 status code which is Ok (because in my example code I wrote a wrong query).

Plus you can see the example code that generates this log.

require_once 'vendor/autoload.php';`
use Elastica\Client;`
$config = [`
    'host' => 'localhost',`
    'port' => 9200,`
    'username' => 'root',
    'password' => 'root',
];
$client = new Client($config);


$search = new Elastica\Search($client);

$search
    ->addIndex('Test');


$query = new Elastica\Query();

$query
    ->setFrom(50)
    ->setSize(10)
    ->setSort(['name' => 'asc'])
    ->setSource(['obj1.*', 'obj2.'])
    ->setHighlight(['fields' => 'content'])
    ->setExplain(true)
    ->setVersion(true)

    ->setMinScore(0.5);

$search->setQuery($query);

$numberOfEntries = $search->count();

This behavior is just like a browser. when you try to connect to elastic with your browser, first it tries to connect without credentials, then it will show the pop up to enter the username and password.

This is a very big problem especially when you have a lot of concurrent connections. For example, 100 queries will establish 200 connections on elastic.

HamoonDBA avatar Jul 29 '20 19:07 HamoonDBA

I have found the problem. Look at this line: https://github.com/ruflin/Elastica/blob/98b2f9d6c72edf1bd9c7337576d303f644a6d82a/src/Transport/Http.php#L107 There isn't a config to set the type of auth. So when you set CURLOPT_HTTPAUTH to CURLAUTH_ANY, curl will send the first request to get the type of auth.

My colleague is going to fix the problem and send a pull request. Thanks

HamoonDBA avatar Jul 30 '20 06:07 HamoonDBA