Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3)
On Wed, Sep 5, 2012 at 6:08 PM, Zisis Lianas zisis.lia...@consol.de wrote: There seems to be some problems when trying to proxy / with ProxyPass and mod_proxy_balancer. See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=51982 https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 I could reproduce both errors in httpd-2.4.3: 1) error 500 when configuring ProxyPass / balancer://default 2) double-slash problem when backend returns 301 Sample config: ProxyPreserveHost Off Proxy balancer://default BalancerMember http://backend1.foo:5080 route=0 BalancerMember http://backend2.foo:5080 route=1 ProxySet lbmethod=bybusyness nofailover=off stickysession=JSESSIONID|jsessionid /Proxy ProxyPass / balancer://default ProxyPassReverse / balancer://default 1) When configuring ProxyPass / balancer://default, an error 500 occurs. When using a different ProxyPassMatch config, everything works fine, e.g.: ProxyPassMatch ^/(.*)$ balancer://default/$1 I broke it down to mod_proxy.c::ap_proxy_trans_match(). r-filename resp. found is set to proxy:balancer://defaultclusterjsp when for e.g. the URL http://mydomain.foo/clusterjsp; is called. r-filename should be proxy:balancer://default/clusterjsp. I wrote a patch for httpd-2.4.3 (attached) - maybe someone can review and improve it to get it finally in trunk. This is because the configuration is incorrect. Your ProxyPassMatch corresponds to this ProxyPass line ProxyPass / balancer://default/ Not this ProxyPass / balancer://default The trailing slash is relevant, as you have found out. 2) When the patch from 1) is applied, you will run into another problem. On 301 from backend, an dispensable / will be prepended to the URI. E.g. when you call http://mydomain.foo:8080/clusterjsp in you browser, the redirect location will be set wrong: Location: http://mydomain.foo:8080//clusterjsp/ This will result in session problems... (cookie path is /clusterjsp and not //clusterjsp). See attached logfile for more details. A patch was proposed in https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 for httpd-2.4.x, which is working for me. I did a quick check with: u = apr_pstrcat(r-pool, (strcmp(ent[i].fake, /) == 0 ? : ent[i].fake), url[l2], NULL); This problem comes from incorrectly fixing problem 1. Cheers Tom
Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3)
Also with the trailing slash the config does not work correctly, see attached logfile. Please keep in mind that this only happens if the backend returns a 301. Status from backend: 301 Location: http://backend01.foo:5080/clusterjsp/ [...] Response sent with status 301, headers: Location: http://mydomain.foo:8080//clusterjsp/ [...] Request received from client: GET //clusterjsp/ HTTP/1.0 - Original Message - From: Tom Evans tevans...@googlemail.com To: dev@httpd.apache.org Sent: Thursday, September 6, 2012 12:49:03 PM Subject: Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3) On Wed, Sep 5, 2012 at 6:08 PM, Zisis Lianas zisis.lia...@consol.de wrote: There seems to be some problems when trying to proxy / with ProxyPass and mod_proxy_balancer. See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=51982 https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 I could reproduce both errors in httpd-2.4.3: 1) error 500 when configuring ProxyPass / balancer://default 2) double-slash problem when backend returns 301 Sample config: ProxyPreserveHost Off Proxy balancer://default BalancerMember http://backend1.foo:5080 route=0 BalancerMember http://backend2.foo:5080 route=1 ProxySet lbmethod=bybusyness nofailover=off stickysession=JSESSIONID|jsessionid /Proxy ProxyPass / balancer://default ProxyPassReverse / balancer://default 1) When configuring ProxyPass / balancer://default, an error 500 occurs. When using a different ProxyPassMatch config, everything works fine, e.g.: ProxyPassMatch ^/(.*)$ balancer://default/$1 I broke it down to mod_proxy.c::ap_proxy_trans_match(). r-filename resp. found is set to proxy:balancer://defaultclusterjsp when for e.g. the URL http://mydomain.foo/clusterjsp; is called. r-filename should be proxy:balancer://default/clusterjsp. I wrote a patch for httpd-2.4.3 (attached) - maybe someone can review and improve it to get it finally in trunk. This is because the configuration is incorrect. Your ProxyPassMatch corresponds to this ProxyPass line ProxyPass / balancer://default/ Not this ProxyPass / balancer://default The trailing slash is relevant, as you have found out. 2) When the patch from 1) is applied, you will run into another problem. On 301 from backend, an dispensable / will be prepended to the URI. E.g. when you call http://mydomain.foo:8080/clusterjsp in you browser, the redirect location will be set wrong: Location: http://mydomain.foo:8080//clusterjsp/ This will result in session problems... (cookie path is /clusterjsp and not //clusterjsp). See attached logfile for more details. A patch was proposed in https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 for httpd-2.4.x, which is working for me. I did a quick check with: u = apr_pstrcat(r-pool, (strcmp(ent[i].fake, /) == 0 ? : ent[i].fake), url[l2], NULL); This problem comes from incorrectly fixing problem 1. Cheers Tom [Thu Sep 06 13:24:00.102345 2012] [core:trace5] [pid 29121:tid 139699051894528] protocol.c(627): [client 10.x.x.x:56178] Request received from client: GET /clusterjsp HTTP/1.0 [Thu Sep 06 13:24:00.102556 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(301): [client 10.x.x.x:56178] Headers received from client: [Thu Sep 06 13:24:00.102579 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Host: mydomain.foo:8080 [Thu Sep 06 13:24:00.102594 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0 [Thu Sep 06 13:24:00.102609 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Thu Sep 06 13:24:00.102621 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Accept-Language: en-us,en;q=0.5 [Thu Sep 06 13:24:00.102640 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Accept-Encoding: gzip, deflate [Thu Sep 06 13:24:00.102643 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Cookie: JSESSIONID=b4bee73f75211ee7b66c2182126d.0; __utma=85701643.1776763863.1324649383.1324649383.1324649383.1 [Thu Sep 06 13:24:00.102647 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Via: 1.0 proxy.foo:3128 (squid/2.7.STABLE5) [Thu Sep 06 13:24:00.102650 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] X-Forwarded-For: 10.x.x.x [Thu Sep 06 13:24:00.102652 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178]
Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3)
On Thu, Sep 6, 2012 at 12:42 PM, Zisis Lianas zisis.lia...@consol.de wrote: Also with the trailing slash the config does not work correctly, see attached logfile. Please keep in mind that this only happens if the backend returns a 301. Status from backend: 301 Location: http://backend01.foo:5080/clusterjsp/ [...] Response sent with status 301, headers: Location: http://mydomain.foo:8080//clusterjsp/ [...] Request received from client: GET //clusterjsp/ HTTP/1.0 Only if your configuration is incorrect. The behaviour you are talking about is solely concerned with how you have configured ProxyPassReverse, which you have not shown. If you have incorrectly matched '/'s on ProxyPassReverse, you will also have issues. With ProxyPass and ProxyPassReverse, if the first argument ends in a slash, so should the second. Eg, straight from my production httpd.conf: Proxy balancer://cluster BalancerMember http://app05 retry=0 BalancerMember http://app07 retry=0 status=+H /Proxy ProxyPass / balancer://cluster/ ProxyPassReverse / http://app05/ ProxyPassReverse / http://app07/ This configuration works correctly in all cases. Cheers Tom
Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3)
Tom, thanks for your feedback. The main difference between our configurations is that you do ProxyPassReverse the single BalancerMember (http://app05/...), which is also working for me - in my configuration I ProxyPassReverse the balancer://cluster. And this is the configuration which does not work correctly. So... ProxyPassReverse / http://app05/ = WORKS ProxyPassReverse / balancer://cluster/ = DOES NOT WORK CORRECTLY As documented the balancer://... ProxyPassReverse should work: http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html#example So I think this is a bug. - Original Message - From: Tom Evans tevans...@googlemail.com To: dev@httpd.apache.org Sent: Thursday, September 6, 2012 4:40:18 PM Subject: Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3) On Thu, Sep 6, 2012 at 12:42 PM, Zisis Lianas zisis.lia...@consol.de wrote: Also with the trailing slash the config does not work correctly, see attached logfile. Please keep in mind that this only happens if the backend returns a 301. Status from backend: 301 Location: http://backend01.foo:5080/clusterjsp/ [...] Response sent with status 301, headers: Location: http://mydomain.foo:8080//clusterjsp/ [...] Request received from client: GET //clusterjsp/ HTTP/1.0 Only if your configuration is incorrect. The behaviour you are talking about is solely concerned with how you have configured ProxyPassReverse, which you have not shown. If you have incorrectly matched '/'s on ProxyPassReverse, you will also have issues. With ProxyPass and ProxyPassReverse, if the first argument ends in a slash, so should the second. Eg, straight from my production httpd.conf: Proxy balancer://cluster BalancerMember http://app05 retry=0 BalancerMember http://app07 retry=0 status=+H /Proxy ProxyPass / balancer://cluster/ ProxyPassReverse / http://app05/ ProxyPassReverse / http://app07/ This configuration works correctly in all cases. Cheers Tom
Re: Bug with ProxyPass / and mod_proxy_balancer + double-slashes (httpd-2.4.3)
On Thu, Sep 6, 2012 at 4:07 PM, Zisis Lianas zisis.lia...@consol.de wrote: Tom, thanks for your feedback. The main difference between our configurations is that you do ProxyPassReverse the single BalancerMember (http://app05/...), which is also working for me - in my configuration I ProxyPassReverse the balancer://cluster. And this is the configuration which does not work correctly. So... ProxyPassReverse / http://app05/ = WORKS ProxyPassReverse / balancer://cluster/ = DOES NOT WORK CORRECTLY As documented the balancer://... ProxyPassReverse should work: http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html#example So I think this is a bug. Hmm, I'd have to check that, I thought ProxyPassReverse was straight up string replacement, clearly not. Cheers Tom
Re: scorebord permissions
Confirmed On Sat, 2012-09-01 at 16:09 +1000, Nick Edwards wrote: Hello, I have an issue where, apache is, when using graceful reload, setting perms for domains as root -rw--- 1 root root 44 Sep 1 05:59 somedomain yet if I delete this and either click on URL, or, stop apache and cleanly start apache it is recreated cleanly as: -rw--- 1 apache apache 44 Sep 1 06:00 somedomain stop/start/reload are all called from the same sh file. This behaviour also exists when using apachectl directly Is this a bug? signature.asc Description: This is a digitally signed message part
Re: scorebord permissions
my bad... confirmed on 2.4.3 Nick, what version of httpd are you running? including this information helps. On Fri, 2012-09-07 at 09:27 +1000, Noel Butler wrote: Confirmed On Sat, 2012-09-01 at 16:09 +1000, Nick Edwards wrote: Hello, I have an issue where, apache is, when using graceful reload, setting perms for domains as root -rw--- 1 root root 44 Sep 1 05:59 somedomain yet if I delete this and either click on URL, or, stop apache and cleanly start apache it is recreated cleanly as: -rw--- 1 apache apache 44 Sep 1 06:00 somedomain stop/start/reload are all called from the same sh file. This behaviour also exists when using apachectl directly Is this a bug? signature.asc Description: This is a digitally signed message part
