I came across from here
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1939678
After Update from Ubuntu 18.04 apache2 2.4.29 to Ubuntu 20.04 apache2 2.4.41
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To Reproduce i create two new Virtual Box VMs on my local Machine and compile apach2 from the sources 2.4.38 -> 2.4.51
-------------
|Bastian Host |
|Apache Proxy | -----------> LB Apache Balancer Manger
-------------
Debian 11 -> Bastion Host (Proxy) / 192.168.56.70
Ubuntu 20.04 -> LB Manager / 192.168.56.170
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I use the Proxy as Bastion Host to reache several LB Manager from one Point.
Debian 11 Proxy strip down config for reproduce the issue.
:~# apt-get install apache2
~# vim /etc/apache2/sites-enabled/000-default.conf
[...]
ProxyPass http://192.168.56.170:81/balancer-manager
ProxyPassReverse http://192.168.56.170:81/balancer-manager
SetOutputFilter INFLATE;SUBSTITUTE
Substitute "s|http://192.168.56.70:81|http://192.168.56.170|i"
[...]
:~# a2enmod proxy_http substitute
:~# systemctl restart apache2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Second VM with Ubuntu 20.04 for testing and reproduction. I compile apache from the sources. I Start with apache 2.4.38
wget http://archive.apache.org/dist/httpd/httpd-2.4.38.tar.gz
configure / make / make install
:~# vim /usr/local/apache2/conf/httpd.conf
ServerRoot "/usr/local/apache2"
ServerName "localhost"
ServerAdmin
Listen 80
Listen 81
Listen 8100
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
User daemon
Group daemon
AllowOverride none
Require all denied
DocumentRoot "/usr/local/apache2/htdocs"
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
DirectoryIndex index.html
ErrorLog "logs/error_log"
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
CustomLog "logs/access_log" common
RequestHeader unset Proxy early
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Servername 127.0.0.1
ServerAdmin root@localhost
SetHandler balancer-manager
Require all granted
LogLevel warn
ErrorLog "logs/management_error.log"
CustomLog "/management_access.log" combined
BalancerMember "http://192.168.168.130/test"
BalancerMember "http://192.168.168.131/test" status=+H
ProxySet lbmethod=bybusyness
ServerAdmin root@localhost
ServerName testapp01
ServerAlias 127.0.0.1:8100
ProxyPass "/test" "balancer://test"
ProxyPassReverse "/test" "balancer://test"
CustomLog "logs/test-access.log" combined
ErrorLog "logs/test-error.log"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Direct connection with curl in the Console from the LB Machine
:~# curl http://127.0.0.1:81/balancer-manager
from outside with the Browser
http://192.168.56.170:81/balancer-manager
and simultaneously looking in the log
:~# tail -f /usr/local/apache2/logs/management_error.log
-> no error Log entry LB Manager in Browser is working
Now Over Debian 11 Proxy VM
http://192.168.56.70/balancer-manager
-> LB Manager is working as expected
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
wget http://archive.apache.org/dist/httpd/httpd-2.4.39.tar.gz
configure / make / make install
Update to 2.4.39 everything is working as expected like above
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
wget http://archive.apache.org/dist/httpd/httpd-2.4.41.tar.gz
configure / make / make install
But Now with the Update to Version 2.4.41
Direct connection with curl in the Console from the LB Machine
:~# curl http://127.0.0.1:81/balancer-manager
from outside with the Browser
http://192.168.56.170:81/balancer-manager
and simultaneously looking in the log
:~# tail -f /usr/local/apache2/logs/management_error.log
[Fri Dec 10 12:02:15.015978 2021] [proxy_balancer:error] [pid 92187:tid 139705270384384] [client 127.0.0.1:52138] AH10187: ignoring params in balancer-manager cross-site access
[Fri Dec 10 12:02:36.039407 2021] [proxy_balancer:error] [pid 92187:tid 139705253582592] [client 192.168.56.1:28366] AH10187: ignoring params in balancer-manager cross-site access
From curl localhost and outside with the Browser i trigger on error Log entry. So why "cross-site access" with an connection from/with/in localhost? The LB Manager in the Browser is working. I can change load, disable machines etc. without further error Log entries.
BUT Now Over Debian 11 Proxy VM
http://192.168.56.70/balancer-manager
[Fri Dec 10 12:03:27.341921 2021] [proxy_balancer:error] [pid 92187:tid 139705236780800] [client 192.168.56.70:57986] AH10187: ignoring params in balancer-manager cross-site access
[Fri Dec 10 12:03:43.425885 2021] [proxy_balancer:error] [pid 92189:tid 139705245181696] [client 192.168.56.70:57988] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.70/balancer-manager
[Fri Dec 10 12:03:44.978644 2021] [proxy_balancer:error] [pid 92189:tid 139705236780800] [client 192.168.56.70:57988] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.70/balancer-manager?b=test&w=http://192.168.168.130/test&nonce=bb418b73-73df-208e-0eb3-343ac2e4d3d6
[Fri Dec 10 12:03:46.721392 2021] [proxy_balancer:error] [pid 92189:tid 139705228379904] [client 192.168.56.70:57988] AH10187: ignoring params in balancer-manager cross-site access, referer: http://192.168.56.70/balancer-manager?b=test&w=http://192.168.168.131/test&nonce=bb418b73-73df-208e-0eb3-343ac2e4d3d6
I got a same first error Log entry. But the LB Manager ist not Working i can not change things load etc. The Second "Change GUI Part" is not visible and every tray to klick will create a error log entry.
I compile/update further one to apache 2.4.51 without no luck. LB Manager reached from the Proxy Machine will not Working.
Any suggestion is appreciated.
Thx Horst