group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #32505
[Bug 1842701] Re: Apache2 Balancer Manager mod_proxy_balancer not working after Update
Hi Horst,
yes I checked and the issue is in Eoan 2.4.41 - I checked that already last week and let Steve now.
Steve wanted to track the upstream discussions on this as going forward
we most likely want to follow upstreams guidance on this (e.g. want to
have it broken for better security).
But thanks for the ping, we might want to mark the bug tasks accordingly
to make this clear.
** Also affects: apache2 (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu)
Status: Fix Released => Confirmed
** Changed in: apache2 (Ubuntu Xenial)
Status: New => Fix Released
** Changed in: apache2 (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: apache2 (Ubuntu Disco)
Status: New => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1842701
Title:
Apache2 Balancer Manager mod_proxy_balancer not working after Update
Status in Apache2 Web Server:
Confirmed
Status in apache2 package in Ubuntu:
Confirmed
Status in apache2 source package in Xenial:
Fix Released
Status in apache2 source package in Bionic:
Fix Released
Status in apache2 source package in Disco:
Fix Released
Bug description:
OS
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic
I use this kind of configuration to reache the Balancer Manager.
-------------
|Bastian Host |
|Apache Proxy | -----------> LB Apache Balancer Manger
-------------
After Apache Update
from: 2.4.29-1ubuntu4.8
to: 2.4.29-1ubuntu4.10
The Balancer Manager behind a Proxy is not Working and i think this is comming with
the fix CVE-2019-10092
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.29-1ubuntu4.10/changelog
I strip down the configuration to try and explain the situation.
Install new Ubuntu 18.04 VirtualBox. From an another VM i saved the prior
Apache Packages from /var/cache/apt/archives
:~# apt-get install libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
:~# dpkg -i apache2_2.4.29-1ubuntu4.8_amd64.deb apache2-bin_2.4.29-1ubuntu4.8_amd64.deb apache2-data_2.4.29-1ubuntu4.8_all.deb apache2-utils_2.4.29-1ubuntu4.8_amd64.deb
:~# dpkg -l | grep apache2
ii apache2 2.4.29-1ubuntu4.8 amd64 Apache HTTP Server
ii apache2-bin 2.4.29-1ubuntu4.8 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.29-1ubuntu4.8 all Apache HTTP Server (common files)
ii apache2-utils 2.4.29-1ubuntu4.8 amd64 Apache HTTP Server (utility programs for web servers)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:~# vim /etc/apache2/sites-available/management.conf
<VirtualHost 192.168.56.211:81 127.0.0.1:81>
Servername 127.0.0.1
ServerAdmin root@localhost
<Location /balancer-manager>
SetHandler balancer-manager
Require local
#Require ip 192.168.56.0/24 127.0.0.1/24
Require all granted
</Location>
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/management_error.log
CustomLog ${APACHE_LOG_DIR}/management_access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:~# vim /etc/apache2/sites-available/proxytest.conf
<Proxy "balancer://test">
BalancerMember "http://192.168.168.130/test"
BalancerMember "http://192.168.168.131/test" status=+H
ProxySet lbmethod=bybusyness
</Proxy>
<VirtualHost 127.0.0.1:8100>
ServerAdmin root@localhost
ServerName testapp01
ServerAlias 127.0.0.1:8100
ProxyPass "/test" "balancer://test"
ProxyPassReverse "/test" "balancer://test"
CustomLog ${APACHE_LOG_DIR}/test-access.log combined
ErrorLog ${APACHE_LOG_DIR}/test-error.log
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests
:~# a2ensite management proxytest
:~# vim /etc/apache2/ports.conf
[...]
Listen 81
Listen 8100
:~# systemctl restart apache2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
At that point i install also some console Browsers for testing.
:~# apt-get install lynx elinks
:~# tail -f /var/log/apache2/management_error.log
:~# elinks 127.0.0.1:81/balancer-manager
:~# lynx 127.0.0.1:81/balancer-manager
i can do update the Load and made changes. i also connect from outside with
Firefox
http://192.168.56.211:81/balancer-manager
all this creates no error log entrys, the log is still empty
-------------------------------------------------------------------------
update apache
:~# apt-get update
:~# apt-get upgrade
:~# dpkg -l | grep apache2
ii apache2 2.4.29-1ubuntu4.10 amd64 Apache HTTP Server
ii apache2-bin 2.4.29-1ubuntu4.10 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.29-1ubuntu4.10 all Apache HTTP Server (common files)
ii apache2-utils 2.4.29-1ubuntu4.10 amd64 Apache HTTP Server (utility programs for web servers)
do the same with all the Browsers and have the error log in view.
http://192.168.56.211:81/balancer-manager
:~# tail -f /var/log/apache2/management_error.log
[Wed Sep 04 12:24:55.740457 2019] [proxy_balancer:error] [pid 14297:tid 140056626964224] [client 192.168.56.1:3432] AH10187: ignoring params in balancer-manager cross-site access
:~# elinks 127.0.0.1:81/balancer-manager
:~# tail -f /var/log/apache2/management_error.log
[Wed Sep 04 12:27:45.423011 2019] [proxy_balancer:error] [pid 14669:tid 140254539364096] [client 127.0.0.1:42836] AH10187: ignoring params in balancer-manager cross-site access
Firefox and elinks creat one single entry and updates from load etc. looks like
working but with
:~# lynx 127.0.0.1:81/balancer-manager
:~# tail -f /var/log/apache2/management_error.log
[Wed Sep 04 12:28:58.249737 2019] [proxy_balancer:error] [pid 14669:tid 140254497400576] [client 127.0.0.1:42844] AH10187: ignoring params in balancer-manager cross-site access
[Wed Sep 04 12:29:09.585221 2019] [proxy_balancer:error] [pid 14669:tid 140254623291136] [client 127.0.0.1:42848] AH10187: ignoring params in balancer-manager cross-site access
[Wed Sep 04 12:29:15.435690 2019] [proxy_balancer:error] [pid 14669:tid 140254614898432] [client 127.0.0.1:42850] AH10187: ignoring params in balancer-manager cross-site access
[Wed Sep 04 12:29:29.771322 2019] [proxy_balancer:error] [pid 14669:tid 140254598113024] [client 127.0.0.1:42852] AH10187: ignoring params in balancer-manager cross-site access
every singel submit will create an entry and for example
the Load change will not made in the balancer manager.
The string from the Log Entry is in the newest Version from
https://svn.apache.org/viewvc?view=revision&revision=1864787
http://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.41/modules/proxy/mod_proxy_balancer.c
a downgrade to the prior Version to the Apache Packages solved the
Problem.
Regards Horst
To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1842701/+subscriptions