← Back to team overview

enterprise-support team mailing list archive

[Bug 1842701] [NEW] Apache2 Balancer Manager mod_proxy_balancer not working after Update

 

Public bug reported:

OS

Description:    Ubuntu 18.04.3 LTS
Release:        18.04
Codename:       bionic


I use this kind of configuration to reache the Balancer Manager.

 -------------
|Bastian Host |
|Apache Proxy | -----------> LB Apache Balancer Manger
 -------------

After Apache Update

from: 2.4.29-1ubuntu4.8
to:   2.4.29-1ubuntu4.10

The Balancer Manager behind a Proxy is not Working and i think this is comming with
the fix CVE-2019-10092

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.29-1ubuntu4.10/changelog


I strip down the configuration to try and explain the situation.

Install new Ubuntu 18.04 VirtualBox. From an another VM i saved the prior
Apache Packages from /var/cache/apt/archives

:~# apt-get install libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
:~# dpkg -i apache2_2.4.29-1ubuntu4.8_amd64.deb apache2-bin_2.4.29-1ubuntu4.8_amd64.deb apache2-data_2.4.29-1ubuntu4.8_all.deb apache2-utils_2.4.29-1ubuntu4.8_amd64.deb

:~# dpkg -l | grep apache2
ii  apache2          2.4.29-1ubuntu4.8   amd64        Apache HTTP Server
ii  apache2-bin      2.4.29-1ubuntu4.8   amd64        Apache HTTP Server (modules and other binary files)
ii  apache2-data     2.4.29-1ubuntu4.8   all          Apache HTTP Server (common files)
ii  apache2-utils    2.4.29-1ubuntu4.8   amd64        Apache HTTP Server (utility programs for web servers)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

:~# vim /etc/apache2/sites-available/management.conf
<VirtualHost 192.168.56.211:81 127.0.0.1:81>
    Servername 127.0.0.1
    ServerAdmin root@localhost

    <Location /balancer-manager>
        SetHandler balancer-manager
        Require local
        #Require ip 192.168.56.0/24 127.0.0.1/24
        Require all granted
    </Location>

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/management_error.log
    CustomLog ${APACHE_LOG_DIR}/management_access.log combined

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

:~# vim /etc/apache2/sites-available/proxytest.conf
<Proxy "balancer://test">
        BalancerMember "http://192.168.168.130/test";
        BalancerMember "http://192.168.168.131/test"; status=+H
        ProxySet lbmethod=bybusyness
</Proxy>

<VirtualHost 127.0.0.1:8100>
ServerAdmin root@localhost
ServerName testapp01
ServerAlias 127.0.0.1:8100

    ProxyPass           "/test" "balancer://test"
    ProxyPassReverse    "/test" "balancer://test"

    CustomLog ${APACHE_LOG_DIR}/test-access.log combined
    ErrorLog  ${APACHE_LOG_DIR}/test-error.log

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

:~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests
:~# a2ensite management proxytest

:~# vim /etc/apache2/ports.conf
[...]
Listen 81
Listen 8100

:~# systemctl restart apache2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

At that point i install also some console Browsers for testing.

:~# apt-get install lynx elinks

:~# tail -f /var/log/apache2/management_error.log

:~# elinks 127.0.0.1:81/balancer-manager
:~# lynx 127.0.0.1:81/balancer-manager

i can do update the Load and made changes. i also connect from outside with
Firefox

http://192.168.56.211:81/balancer-manager

all this creates no error log entrys, the log is still empty

-------------------------------------------------------------------------

update apache

:~# apt-get update
:~# apt-get upgrade

:~# dpkg -l | grep apache2
ii  apache2        2.4.29-1ubuntu4.10  amd64        Apache HTTP Server
ii  apache2-bin    2.4.29-1ubuntu4.10  amd64        Apache HTTP Server (modules and other binary files)
ii  apache2-data   2.4.29-1ubuntu4.10  all          Apache HTTP Server (common files)
ii  apache2-utils  2.4.29-1ubuntu4.10  amd64        Apache HTTP Server (utility programs for web servers)


do the same with all the Browsers and have the error log in view.

http://192.168.56.211:81/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
[Wed Sep 04 12:24:55.740457 2019] [proxy_balancer:error] [pid 14297:tid 140056626964224] [client 192.168.56.1:3432] AH10187: ignoring params in balancer-manager cross-site access

:~# elinks 127.0.0.1:81/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
[Wed Sep 04 12:27:45.423011 2019] [proxy_balancer:error] [pid 14669:tid 140254539364096] [client 127.0.0.1:42836] AH10187: ignoring params in balancer-manager cross-site access


Firefox and elinks creat one single entry and updates from load etc. looks like
working but with

:~# lynx 127.0.0.1:81/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
[Wed Sep 04 12:28:58.249737 2019] [proxy_balancer:error] [pid 14669:tid 140254497400576] [client 127.0.0.1:42844] AH10187: ignoring params in balancer-manager cross-site access
[Wed Sep 04 12:29:09.585221 2019] [proxy_balancer:error] [pid 14669:tid 140254623291136] [client 127.0.0.1:42848] AH10187: ignoring params in balancer-manager cross-site access
[Wed Sep 04 12:29:15.435690 2019] [proxy_balancer:error] [pid 14669:tid 140254614898432] [client 127.0.0.1:42850] AH10187: ignoring params in balancer-manager cross-site access
[Wed Sep 04 12:29:29.771322 2019] [proxy_balancer:error] [pid 14669:tid 140254598113024] [client 127.0.0.1:42852] AH10187: ignoring params in balancer-manager cross-site access


every singel submit will create an entry and for example
the Load change will not made in the balancer manager.

The string from the Log Entry is in the newest Version from

https://svn.apache.org/viewvc?view=revision&revision=1864787
http://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.41/modules/proxy/mod_proxy_balancer.c

a downgrade to the prior Version to the Apache Packages solved the
Problem.

Regards Horst

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1842701

Title:
  Apache2 Balancer Manager mod_proxy_balancer not working after Update

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1842701/+subscriptions


Follow ups