Public bug reported: OS
Description: Ubuntu 18.04.3 LTS Release: 18.04 Codename: bionic I use this kind of configuration to reache the Balancer Manager. ------------- |Bastian Host | |Apache Proxy | -----------> LB Apache Balancer Manger ------------- After Apache Update from: 2.4.29-1ubuntu4.8 to: 2.4.29-1ubuntu4.10 The Balancer Manager behind a Proxy is not Working and i think this is comming with the fix CVE-2019-10092 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092 http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.29-1ubuntu4.10/changelog I strip down the configuration to try and explain the situation. Install new Ubuntu 18.04 VirtualBox. From an another VM i saved the prior Apache Packages from /var/cache/apt/archives :~# apt-get install libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 :~# dpkg -i apache2_2.4.29-1ubuntu4.8_amd64.deb apache2-bin_2.4.29-1ubuntu4.8_amd64.deb apache2-data_2.4.29-1ubuntu4.8_all.deb apache2-utils_2.4.29-1ubuntu4.8_amd64.deb :~# dpkg -l | grep apache2 ii apache2 2.4.29-1ubuntu4.8 amd64 Apache HTTP Server ii apache2-bin 2.4.29-1ubuntu4.8 amd64 Apache HTTP Server (modules and other binary files) ii apache2-data 2.4.29-1ubuntu4.8 all Apache HTTP Server (common files) ii apache2-utils 2.4.29-1ubuntu4.8 amd64 Apache HTTP Server (utility programs for web servers) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - :~# vim /etc/apache2/sites-available/management.conf <VirtualHost 192.168.56.211:81 127.0.0.1:81> Servername 127.0.0.1 ServerAdmin root@localhost <Location /balancer-manager> SetHandler balancer-manager Require local #Require ip 192.168.56.0/24 127.0.0.1/24 Require all granted </Location> LogLevel warn ErrorLog ${APACHE_LOG_DIR}/management_error.log CustomLog ${APACHE_LOG_DIR}/management_access.log combined </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - :~# vim /etc/apache2/sites-available/proxytest.conf <Proxy "balancer://test"> BalancerMember "http://192.168.168.130/test"; BalancerMember "http://192.168.168.131/test"; status=+H ProxySet lbmethod=bybusyness </Proxy> <VirtualHost 127.0.0.1:8100> ServerAdmin root@localhost ServerName testapp01 ServerAlias 127.0.0.1:8100 ProxyPass "/test" "balancer://test" ProxyPassReverse "/test" "balancer://test" CustomLog ${APACHE_LOG_DIR}/test-access.log combined ErrorLog ${APACHE_LOG_DIR}/test-error.log </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - :~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests :~# a2ensite management proxytest :~# vim /etc/apache2/ports.conf [...] Listen 81 Listen 8100 :~# systemctl restart apache2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - At that point i install also some console Browsers for testing. :~# apt-get install lynx elinks :~# tail -f /var/log/apache2/management_error.log :~# elinks 127.0.0.1:81/balancer-manager :~# lynx 127.0.0.1:81/balancer-manager i can do update the Load and made changes. i also connect from outside with Firefox http://192.168.56.211:81/balancer-manager all this creates no error log entrys, the log is still empty ------------------------------------------------------------------------- update apache :~# apt-get update :~# apt-get upgrade :~# dpkg -l | grep apache2 ii apache2 2.4.29-1ubuntu4.10 amd64 Apache HTTP Server ii apache2-bin 2.4.29-1ubuntu4.10 amd64 Apache HTTP Server (modules and other binary files) ii apache2-data 2.4.29-1ubuntu4.10 all Apache HTTP Server (common files) ii apache2-utils 2.4.29-1ubuntu4.10 amd64 Apache HTTP Server (utility programs for web servers) do the same with all the Browsers and have the error log in view. http://192.168.56.211:81/balancer-manager :~# tail -f /var/log/apache2/management_error.log [Wed Sep 04 12:24:55.740457 2019] [proxy_balancer:error] [pid 14297:tid 140056626964224] [client 192.168.56.1:3432] AH10187: ignoring params in balancer-manager cross-site access :~# elinks 127.0.0.1:81/balancer-manager :~# tail -f /var/log/apache2/management_error.log [Wed Sep 04 12:27:45.423011 2019] [proxy_balancer:error] [pid 14669:tid 140254539364096] [client 127.0.0.1:42836] AH10187: ignoring params in balancer-manager cross-site access Firefox and elinks creat one single entry and updates from load etc. looks like working but with :~# lynx 127.0.0.1:81/balancer-manager :~# tail -f /var/log/apache2/management_error.log [Wed Sep 04 12:28:58.249737 2019] [proxy_balancer:error] [pid 14669:tid 140254497400576] [client 127.0.0.1:42844] AH10187: ignoring params in balancer-manager cross-site access [Wed Sep 04 12:29:09.585221 2019] [proxy_balancer:error] [pid 14669:tid 140254623291136] [client 127.0.0.1:42848] AH10187: ignoring params in balancer-manager cross-site access [Wed Sep 04 12:29:15.435690 2019] [proxy_balancer:error] [pid 14669:tid 140254614898432] [client 127.0.0.1:42850] AH10187: ignoring params in balancer-manager cross-site access [Wed Sep 04 12:29:29.771322 2019] [proxy_balancer:error] [pid 14669:tid 140254598113024] [client 127.0.0.1:42852] AH10187: ignoring params in balancer-manager cross-site access every singel submit will create an entry and for example the Load change will not made in the balancer manager. The string from the Log Entry is in the newest Version from https://svn.apache.org/viewvc?view=revision&revision=1864787 http://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.41/modules/proxy/mod_proxy_balancer.c a downgrade to the prior Version to the Apache Packages solved the Problem. Regards Horst ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server/Client Support Team, which is subscribed to apache2 in Ubuntu. Matching subscriptions: Ubuntu Server/Client Support Team https://bugs.launchpad.net/bugs/1842701 Title: Apache2 Balancer Manager mod_proxy_balancer not working after Update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1842701/+subscriptions -- Mailing list: https://launchpad.net/~enterprise-support Post to : enterprise-support@lists.launchpad.net Unsubscribe : https://launchpad.net/~enterprise-support More help : https://help.launchpad.net/ListHelp
