enterprise-support team mailing list archive

[Bug 1939678] [NEW] Apache2 Balancer Manager not working after dist-upgrade to focal behind a Proxy

 

Public bug reported:

Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal

Approximately two years ago I created the following bug report.

https://bugs.launchpad.net/apache2/+bug/1842701/

At the end of the discussion on that bug report there is a hint that "that
bug is still open in apache 2.4.41" and further on "it should be fixed in
2.4.42". Maybe the fix was forgotten in focal and it is a regression bug,
or the "(e.g. want to have it broken for better security)." has happened.

Any suggestion is appreciated.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

To reproduce, I create two new VirtualBox VMs on my local machine

 -------------
|Bastion Host |
|Apache Proxy | -----------> LB Apache Balancer Manager
 -------------

Debian 10 -> Bastion Host (Proxy) / 192.168.56.90
Ubuntu 18.04 -> LB Manager / 192.168.56.160

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Ubuntu 18.04 with LB Manager

:~# apt-get install apache2

:~# dpkg -l | grep apache2
ii  apache2        2.4.29-1ubuntu4.16  amd64  Apache HTTP Server
ii  apache2-bin    2.4.29-1ubuntu4.16  amd64  Apache HTTP Server (modules and other binary files)
ii  apache2-data   2.4.29-1ubuntu4.16  all    Apache HTTP Server (common files)
ii  apache2-utils  2.4.29-1ubuntu4.16  amd64  Apache HTTP Server (utility programs for web servers)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

:~# vim /etc/apache2/sites-available/management.conf
<VirtualHost 192.168.56.160:81 127.0.0.1:81>
    Servername 127.0.0.1
    ServerAdmin root@localhost

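    <Location /balancer-manager>
        SetHandler balancer-manager
        # Sibling Require directives are OR'ed (implicit RequireAny), so
        # "Require all granted" opens this handler to every client.
        Require local
        #Require ip 192.168.56.0/24 127.0.0.1/24
        Require all granted
    </Location>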

    <Location /test-web01/balancer-manager>
        SetHandler balancer-manager
        Require local
        #Require ip 192.168.56.0/24 127.0.0.1/24
        Require all granted
    </Location>

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/management_error.log
    CustomLog ${APACHE_LOG_DIR}/management_access.log combined

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

:~# vim /etc/apache2/sites-available/proxytest.conf
<Proxy "balancer://test">
        BalancerMember "http://192.168.168.130/test"
        BalancerMember "http://192.168.168.131/test" status=+H
        ProxySet lbmethod=bybusyness
</Proxy>

<VirtualHost 127.0.0.1:8100>
ServerAdmin root@localhost
ServerName testapp01
ServerAlias 127.0.0.1:8100

    ProxyPass "/test" "balancer://test"
    ProxyPassReverse "/test" "balancer://test"

    CustomLog ${APACHE_LOG_DIR}/test-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/test-error.log

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

:~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests
:~# a2ensite management proxytest

:~# vim /etc/apache2/ports.conf
[...]
Listen 81
Listen 8100

:~# systemctl restart apache2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

At that point I also install some console browsers for testing.

:~# apt-get install lynx elinks

:~# tail -f /var/log/apache2/management_error.log

:~# elinks http://127.0.0.1:81/balancer-manager
:~# lynx http://127.0.0.1:81/balancer-manager

LB Manager -> "Edit worker settings for..." is visible and usable, no
error log entries

-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -

Connect with firefox from outside

http://192.168.56.160:81/balancer-manager

LB Manager -> "Edit worker settings for..." is visible and usable, no
error log entries

-------------------------------------------------------------------------

Create Debian 10 Proxy VM

:~# apt-get install apache2 lynx elinks

:~# dpkg -l | grep apache
ii  apache2        2.4.38-3+deb10u5  amd64  Apache HTTP Server
ii  apache2-bin    2.4.38-3+deb10u5  amd64  Apache HTTP Server (modules and other binary files)
ii  apache2-data   2.4.38-3+deb10u5  all    Apache HTTP Server (common files)
ii  apache2-utils  2.4.38-3+deb10u5  amd64  Apache HTTP Server (utility programs for web servers)


Check from that VM that LB Manager is usable

:~# elinks 192.168.56.160:81/balancer-manager
:~# elinks 192.168.56.160:81/test-web01/balancer-manager

Check directly in Firefox
http://192.168.56.160:81/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
LB Manager -> "Edit worker settings for..." is visible and usable, no error log entries

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Create Proxy Config

~# vim /etc/apache2/sites-enabled/000-default.conf
[...]
       <Location /test-web01>
                ProxyPass http://192.168.56.160:81/test-web01
                ProxyPassReverse http://192.168.56.160:81/test-web01
                SetOutputFilter INFLATE;SUBSTITUTE
                Substitute "s|http://192.168.56.90:81|http://192.168.56.160|i"
       </Location>
[...]

:~# a2enmod proxy_http substitute
:~# systemctl restart apache2


Check now over proxy config

:~# elinks 192.168.56.90/test-web01/balancer-manager
-> "Edit worker settings for..." is visible and usable, no error log entries

Browser: Firefox and Chrome

http://192.168.56.90/test-web01/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
LB Manager -> "Edit worker settings for..." is visible and usable, no error log entries

=> Conclusion everything worked for me as expected. LB Manager is usable
   through the Proxy Bastion Host.

-------------------------------------------------------------------------

dist-upgrade from the LB Manager VM 18.04 -> 20.04

:~# do-release-upgrade
:~# shutdown -r now

:~# dpkg -l | grep apache2
ii  apache2        2.4.41-4ubuntu3.4  amd64  Apache HTTP Server
ii  apache2-bin    2.4.41-4ubuntu3.4  amd64  Apache HTTP Server (modules and other binary files)
ii  apache2-data   2.4.41-4ubuntu3.4  all    Apache HTTP Server (common files)
ii  apache2-utils  2.4.41-4ubuntu3.4  amd64  Apache HTTP Server (utility programs for web servers)

Check from the LB Manager VM directly, now 20.04

:~# elinks http://127.0.0.1:81/balancer-manager
:~# lynx http://127.0.0.1:81/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
[Thu Aug 12 11:07:45.381180 2021] [proxy_balancer:error] [pid 709:tid 139675415078656] [client 127.0.0.1:44158] AH10187: ignoring params in balancer-manager cross-site access


Check directly in Firefox
http://192.168.56.160:81/balancer-manager

:~# tail -f /var/log/apache2/management_error.log
[Thu Aug 12 11:09:10.362535 2021] [proxy_balancer:error] [pid 709:tid 139675381507840] [client 192.168.56.1:5684] AH10187: ignoring params in balancer-manager cross-site access

Every connect makes a single log entry, but the LB Manager is usable
directly

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Check over Proxy on Debian 10 VM

:~# elinks http://192.168.56.90/test-web01/balancer-manager

[Thu Aug 12 11:11:41.379048 2021] [proxy_balancer:error] [pid 709:tid 139675230439168] [client 192.168.56.90:48336] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager?b=test&w=http://192.168.168.130/test&nonce=71c9c136-9639-0ce8-7cb7-e545ae00c50f

LB Manager is not usable

The "Edit worker settings for..." is not visible

-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -

Browser: Firefox and Chrome

http://192.168.56.90/test-web01/balancer-manager

[Thu Aug 12 11:12:48.035479 2021] [proxy_balancer:error] [pid 709:tid 139675423471360] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access
[Thu Aug 12 11:12:50.842842 2021] [proxy_balancer:error] [pid 709:tid 139675406685952] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager
[Thu Aug 12 11:12:51.653153 2021] [proxy_balancer:error] [pid 709:tid 139675398293248] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager?b=test&w=http://192.168.168.130/test&nonce=71c9c136-9639-0ce8-7cb7-e545ae00c50f
[Thu Aug 12 11:12:53.183729 2021] [proxy_balancer:error] [pid 709:tid 139675389900544] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager?b=test&w=http://192.168.168.131/test&nonce=71c9c136-9639-0ce8-7cb7-e545ae00c50f
[Thu Aug 12 11:12:53.639131 2021] [proxy_balancer:error] [pid 709:tid 139675501659904] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager?b=test&w=http://192.168.168.130/test&nonce=71c9c136-9639-0ce8-7cb7-e545ae00c50f


The first connect and every single click create an error entry.

LB Manager is not usable

The "Edit worker settings for..." is not visible


=> Conclusion: after the update to focal I can't use the LB Manager behind
   that Proxy Bastion Host. Unfortunately for me there is no other
   way to jump into the production environment.

As I said, any suggestion is appreciated. Is this now a bug (regression) or
is it now a security feature? That would be really bad news for me.

Regards, Horst

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1939678

Title:
  Apache2 Balancer Manager not working after dist-upgrade to focal
  behind a Proxy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1939678/+subscriptions
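
A triage sketch for the AH10187 entries in this report, added here as an example and not part of the original bug report or of Apache's code: it parses error-log lines and counts them per client by whether a Referer was logged and whether its host equals the manager's own address. The function names and the `manager_host` parameter are assumptions; the sample lines are copied from the log excerpts above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache 2.4 error-log layout:
# [time] [module:level] [pid ...] [client ip:port] AHnnnnn: message[, referer: url]
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<module>[\w.]+):(?P<level>\w+)\] "
    r"\[pid [^\]]+\] \[client (?P<client>[^\]]+)\] "
    r"(?P<code>AH\d+): (?P<msg>.*?)(?:, referer: (?P<referer>\S+))?$"
)

def parse_line(line):
    """Return the named fields of one error-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry, manager_host):
    """Label an entry by its Referer relative to manager_host (hypothetical parameter)."""
    if not entry["referer"]:
        return "no-referer"
    host = urlsplit(entry["referer"]).hostname or "unparseable"
    return "same-host" if host == manager_host.lower() else "other-host:" + host

def summarize(lines, manager_host):
    """Count AH10187 entries per (client IP, Referer classification)."""
    counts = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and entry["code"] == "AH10187":
            client_ip = entry["client"].rsplit(":", 1)[0]  # drop the source port
            counts[(client_ip, classify(entry, manager_host))] += 1
    return counts

# Lines copied from the error-log excerpts in the report above.
SAMPLE = [
    "[Thu Aug 12 11:07:45.381180 2021] [proxy_balancer:error] [pid 709:tid 139675415078656] [client 127.0.0.1:44158] AH10187: ignoring params in balancer-manager cross-site access",
    "[Thu Aug 12 11:09:10.362535 2021] [proxy_balancer:error] [pid 709:tid 139675381507840] [client 192.168.56.1:5684] AH10187: ignoring params in balancer-manager cross-site access",
    "[Thu Aug 12 11:12:48.035479 2021] [proxy_balancer:error] [pid 709:tid 139675423471360] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access",
    "[Thu Aug 12 11:12:50.842842 2021] [proxy_balancer:error] [pid 709:tid 139675406685952] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager",
    "[Thu Aug 12 11:12:51.653153 2021] [proxy_balancer:error] [pid 709:tid 139675398293248] [client 192.168.56.90:48338] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.90/test-web01/balancer-manager?b=test&w=http://192.168.168.130/test&nonce=71c9c136-9639-0ce8-7cb7-e545ae00c50f",
]

if __name__ == "__main__":
    for (ip, label), n in sorted(summarize(SAMPLE, "192.168.56.160").items()):
        print(f"{ip:15} {label:28} {n}")
```
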
