← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1842701] Re: Apache2 Balancer Manager mod_proxy_balancer not working after Update

 

Hi Horst,
yes I checked and the issue is in Eoan 2.4.41 - I checked that already last week and let Steve now.

Steve wanted to track the upstream discussions on this as going forward
we most likely want to follow upstreams guidance on this (e.g. want to
have it broken for better security).

But thanks for the ping, we might want to mark the bug tasks accordingly
to make this clear.

** Also affects: apache2 (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Also affects: apache2 (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: apache2 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: apache2 (Ubuntu)
       Status: Fix Released => Confirmed

** Changed in: apache2 (Ubuntu Xenial)
       Status: New => Fix Released

** Changed in: apache2 (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: apache2 (Ubuntu Disco)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1842701

Title:
  Apache2 Balancer Manager mod_proxy_balancer not working after Update

Status in Apache2 Web Server:
  Confirmed
Status in apache2 package in Ubuntu:
  Confirmed
Status in apache2 source package in Xenial:
  Fix Released
Status in apache2 source package in Bionic:
  Fix Released
Status in apache2 source package in Disco:
  Fix Released

Bug description:
  OS

  Description:    Ubuntu 18.04.3 LTS
  Release:        18.04
  Codename:       bionic

  
  I use this kind of configuration to reache the Balancer Manager.

   -------------
  |Bastian Host |
  |Apache Proxy | -----------> LB Apache Balancer Manger
   -------------

  After Apache Update

  from: 2.4.29-1ubuntu4.8
  to:   2.4.29-1ubuntu4.10

  The Balancer Manager behind a Proxy is not Working and i think this is comming with
  the fix CVE-2019-10092

  https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
  http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.29-1ubuntu4.10/changelog

  
  I strip down the configuration to try and explain the situation.

  Install new Ubuntu 18.04 VirtualBox. From an another VM i saved the prior
  Apache Packages from /var/cache/apt/archives

  :~# apt-get install libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
  :~# dpkg -i apache2_2.4.29-1ubuntu4.8_amd64.deb apache2-bin_2.4.29-1ubuntu4.8_amd64.deb apache2-data_2.4.29-1ubuntu4.8_all.deb apache2-utils_2.4.29-1ubuntu4.8_amd64.deb

  :~# dpkg -l | grep apache2
  ii  apache2          2.4.29-1ubuntu4.8   amd64        Apache HTTP Server
  ii  apache2-bin      2.4.29-1ubuntu4.8   amd64        Apache HTTP Server (modules and other binary files)
  ii  apache2-data     2.4.29-1ubuntu4.8   all          Apache HTTP Server (common files)
  ii  apache2-utils    2.4.29-1ubuntu4.8   amd64        Apache HTTP Server (utility programs for web servers)

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - -

  :~# vim /etc/apache2/sites-available/management.conf
  <VirtualHost 192.168.56.211:81 127.0.0.1:81>
      Servername 127.0.0.1
      ServerAdmin root@localhost

      <Location /balancer-manager>
          SetHandler balancer-manager
          Require local
          #Require ip 192.168.56.0/24 127.0.0.1/24
          Require all granted
      </Location>

      LogLevel warn
      ErrorLog ${APACHE_LOG_DIR}/management_error.log
      CustomLog ${APACHE_LOG_DIR}/management_access.log combined

  </VirtualHost>

  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - -

  :~# vim /etc/apache2/sites-available/proxytest.conf
  <Proxy "balancer://test">
          BalancerMember "http://192.168.168.130/test";
          BalancerMember "http://192.168.168.131/test"; status=+H
          ProxySet lbmethod=bybusyness
  </Proxy>

  <VirtualHost 127.0.0.1:8100>
  ServerAdmin root@localhost
  ServerName testapp01
  ServerAlias 127.0.0.1:8100

      ProxyPass           "/test" "balancer://test"
      ProxyPassReverse    "/test" "balancer://test"

      CustomLog ${APACHE_LOG_DIR}/test-access.log combined
      ErrorLog  ${APACHE_LOG_DIR}/test-error.log

  </VirtualHost>

  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - -

  :~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests
  :~# a2ensite management proxytest

  :~# vim /etc/apache2/ports.conf
  [...]
  Listen 81
  Listen 8100

  :~# systemctl restart apache2

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - -

  At that point i install also some console Browsers for testing.

  :~# apt-get install lynx elinks

  :~# tail -f /var/log/apache2/management_error.log

  :~# elinks 127.0.0.1:81/balancer-manager
  :~# lynx 127.0.0.1:81/balancer-manager

  i can do update the Load and made changes. i also connect from outside with
  Firefox

  http://192.168.56.211:81/balancer-manager

  all this creates no error log entrys, the log is still empty

  -------------------------------------------------------------------------

  update apache

  :~# apt-get update
  :~# apt-get upgrade

  :~# dpkg -l | grep apache2
  ii  apache2        2.4.29-1ubuntu4.10  amd64        Apache HTTP Server
  ii  apache2-bin    2.4.29-1ubuntu4.10  amd64        Apache HTTP Server (modules and other binary files)
  ii  apache2-data   2.4.29-1ubuntu4.10  all          Apache HTTP Server (common files)
  ii  apache2-utils  2.4.29-1ubuntu4.10  amd64        Apache HTTP Server (utility programs for web servers)

  
  do the same with all the Browsers and have the error log in view.

  http://192.168.56.211:81/balancer-manager

  :~# tail -f /var/log/apache2/management_error.log
  [Wed Sep 04 12:24:55.740457 2019] [proxy_balancer:error] [pid 14297:tid 140056626964224] [client 192.168.56.1:3432] AH10187: ignoring params in balancer-manager cross-site access

  :~# elinks 127.0.0.1:81/balancer-manager

  :~# tail -f /var/log/apache2/management_error.log
  [Wed Sep 04 12:27:45.423011 2019] [proxy_balancer:error] [pid 14669:tid 140254539364096] [client 127.0.0.1:42836] AH10187: ignoring params in balancer-manager cross-site access

  
  Firefox and elinks creat one single entry and updates from load etc. looks like
  working but with

  :~# lynx 127.0.0.1:81/balancer-manager

  :~# tail -f /var/log/apache2/management_error.log
  [Wed Sep 04 12:28:58.249737 2019] [proxy_balancer:error] [pid 14669:tid 140254497400576] [client 127.0.0.1:42844] AH10187: ignoring params in balancer-manager cross-site access
  [Wed Sep 04 12:29:09.585221 2019] [proxy_balancer:error] [pid 14669:tid 140254623291136] [client 127.0.0.1:42848] AH10187: ignoring params in balancer-manager cross-site access
  [Wed Sep 04 12:29:15.435690 2019] [proxy_balancer:error] [pid 14669:tid 140254614898432] [client 127.0.0.1:42850] AH10187: ignoring params in balancer-manager cross-site access
  [Wed Sep 04 12:29:29.771322 2019] [proxy_balancer:error] [pid 14669:tid 140254598113024] [client 127.0.0.1:42852] AH10187: ignoring params in balancer-manager cross-site access

  
  every singel submit will create an entry and for example
  the Load change will not made in the balancer manager.

  The string from the Log Entry is in the newest Version from

  https://svn.apache.org/viewvc?view=revision&revision=1864787
  http://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.41/modules/proxy/mod_proxy_balancer.c

  a downgrade to the prior Version to the Apache Packages solved the
  Problem.

  Regards Horst

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1842701/+subscriptions