[Bug 65737] New: Proxy Balancer AH10187: ignoring params in balancer-manager cross-site access

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65737

            Bug ID: 65737
           Summary: Proxy Balancer AH10187: ignoring params in
                    balancer-manager cross-site access
           Product: Apache httpd-2
           Version: 2.4.41
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_balancer
          Assignee: bugs@httpd.apache.org
          Reporter: h...@localhorst.org
  Target Milestone: ---

I came across from here 

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1939678

After Update from Ubuntu 18.04 apache2 2.4.29 to Ubuntu 20.04 apache2 2.4.41

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

To Reproduce i create two new Virtual Box VMs on my local Machine and compile
apach2 from the sources 2.4.38 -> 2.4.51

 -------------
|Bastian Host |
|Apache Proxy | -----------> LB Apache Balancer Manger
 -------------

Debian 11 -> Bastion Host (Proxy) / 192.168.56.70
Ubuntu 20.04 -> LB Manager / 192.168.56.170

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I use the Proxy as Bastion Host to reache several LB Manager from one Point.

Debian 11 Proxy strip down config for reproduce the issue.

:~# apt-get install apache2

~# vim /etc/apache2/sites-enabled/000-default.conf
[...]
       <Location /balancer-manager>
                ProxyPass http://192.168.56.170:81/balancer-manager
                ProxyPassReverse http://192.168.56.170:81/balancer-manager
                SetOutputFilter INFLATE;SUBSTITUTE
                Substitute "s|http://192.168.56.70:81|http://192.168.56.170|i"
       </Location>
[...]

:~# a2enmod proxy_http substitute
:~# systemctl restart apache2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Second VM with Ubuntu 20.04 for testing and reproduction. I compile apache from
the sources. I Start with apache 2.4.38

wget http://archive.apache.org/dist/httpd/httpd-2.4.38.tar.gz
configure / make / make install


:~# vim /usr/local/apache2/conf/httpd.conf
ServerRoot "/usr/local/apache2"
ServerName "localhost"
ServerAdmin y...@example.com

Listen 80
Listen 81
Listen 8100

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so

<IfModule unixd_module>
User daemon
Group daemon
</IfModule>

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
%I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>

<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

<VirtualHost 192.168.56.170:81 127.0.0.1:81>
  Servername 127.0.0.1
  ServerAdmin root@localhost

  <Location /balancer-manager>
    SetHandler balancer-manager
    Require all granted
   </Location>

  LogLevel warn
  ErrorLog "logs/management_error.log"
  CustomLog "/management_access.log" combined
</VirtualHost>

<Proxy "balancer://test">
  BalancerMember "http://192.168.168.130/test";
  BalancerMember "http://192.168.168.131/test"; status=+H
  ProxySet lbmethod=bybusyness
</Proxy>

<VirtualHost 127.0.0.1:8100>
  ServerAdmin root@localhost
  ServerName testapp01
  ServerAlias 127.0.0.1:8100

  ProxyPass "/test" "balancer://test"
  ProxyPassReverse "/test" "balancer://test"

  CustomLog "logs/test-access.log" combined
  ErrorLog "logs/test-error.log"
</VirtualHost>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Direct connection with curl in the Console from the LB Machine

:~# curl http://127.0.0.1:81/balancer-manager

from outside with the Browser

http://192.168.56.170:81/balancer-manager

and simultaneously looking in the log

:~# tail -f /usr/local/apache2/logs/management_error.log

-> no error Log entry LB Manager in Browser is working


Now Over Debian 11 Proxy VM

http://192.168.56.70/balancer-manager

-> LB Manager is working as expected

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

wget http://archive.apache.org/dist/httpd/httpd-2.4.39.tar.gz
configure / make / make install

Update to 2.4.39 everything is working as expected like above

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

wget http://archive.apache.org/dist/httpd/httpd-2.4.41.tar.gz
configure / make / make install

But Now with the Update to Version 2.4.41

Direct connection with curl in the Console from the LB Machine

:~# curl http://127.0.0.1:81/balancer-manager

from outside with the Browser

http://192.168.56.170:81/balancer-manager

and simultaneously looking in the log

:~# tail -f /usr/local/apache2/logs/management_error.log
[Fri Dec 10 12:02:15.015978 2021] [proxy_balancer:error] [pid 92187:tid
139705270384384] [client 127.0.0.1:52138] AH10187: ignoring params in
balancer-manager cross-site access

[Fri Dec 10 12:02:36.039407 2021] [proxy_balancer:error] [pid 92187:tid
139705253582592] [client 192.168.56.1:28366] AH10187: ignoring params in
balancer-manager cross-site access

>From curl localhost and outside with the Browser i trigger on error Log entry.
So why "cross-site access" with an connection from/with/in localhost? The LB
Manager in the Browser is working. I can change load, disable machines etc.
without further error Log entries.


BUT Now Over Debian 11 Proxy VM

http://192.168.56.70/balancer-manager

[Fri Dec 10 12:03:27.341921 2021] [proxy_balancer:error] [pid 92187:tid
139705236780800] [client 192.168.56.70:57986] AH10187: ignoring params in
balancer-manager cross-site access

[Fri Dec 10 12:03:43.425885 2021] [proxy_balancer:error] [pid 92189:tid
139705245181696] [client 192.168.56.70:57988] AH10187: ignoring params in
balancer-manager cross-site access, referer:
http://192.168.56.70/balancer-manager
[Fri Dec 10 12:03:44.978644 2021] [proxy_balancer:error] [pid 92189:tid
139705236780800] [client 192.168.56.70:57988] AH10187: ignoring params in
balancer-manager cross-site access, referer:
http://192.168.56.70/balancer-manager?b=test&w=http://192.168.168.130/test&nonce=bb418b73-73df-208e-0eb3-343ac2e4d3d6
[Fri Dec 10 12:03:46.721392 2021] [proxy_balancer:error] [pid 92189:tid
139705228379904] [client 192.168.56.70:57988] AH10187: ignoring params in
balancer-manager cross-site access, referer:
http://192.168.56.70/balancer-manager?b=test&w=http://192.168.168.131/test&nonce=bb418b73-73df-208e-0eb3-343ac2e4d3d6


I got a same first error Log entry. But the LB Manager ist not Working i can
not change things load etc. The Second "Change GUI Part" is not visible and
every tray to klick will create a error log entry.

I compile/update further one to apache 2.4.51 without no luck. LB Manager
reached from the Proxy Machine will not Working.

Any suggestion is appreciated.

Thx Horst

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org