Re: reverse proxy issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 8, 2022 at 3:21 PM Serge Krawczenko <skrawczenko@xxxxxxxxx> wrote:
>
> We have application server behind httpd as a reverse proxy,
> with basic ldap auth, so only ldap authenticated users are able to get into the application.
> (    Require valid-user
>     Allow from all
> )

It's usually not a good idea to mix Require (httpd >= 2.4) and Allow
(httpd < 2.4) directives together, though I don't see how it could
lead to the symptoms you are seeing.

>
> Everything works well and configuration is very basic.
> However,
> Sometimes like once in a month or two it fails and httpd stops acting like a reverse proxy.
> I.e. https://url/my-app fails with 404 trying to find my-app locally.
> (the requested URL /my-app was not found on this server)

If there are multiple VirtualHosts on the same IP:port in your server,
possibly some requests reach one with no "ProxyPass /my-app ..."
defined?
It may happen if an unknown Host/SNI is handled by the default vhost
for instance, but it wouldn't explain why all the following requests
go there (unless the app/something at some point starts redirecting to
a different URL).

>
> It is 'fixed' by restarting httpd and is very annoying for users.
>
> Debug turned on for proxy and ldap modules and there's absolutely nothing suspicious.
> When the situation occurs, there's just no attempt to refer to the 'proxypass' it is
> just trying to get the local path immediately.
>
> It cannot be reproduced as well and there's no specific periodicity for this failure.
> Anything i'm missing? Any more debug to turn on?

Which httpd MPM and modules are used? It could be a non thread-safe
module running on a threaded MPM, corrupting some global state when
the load increases.


Regards;
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux