On Wed, Jun 8, 2022 at 3:21 PM Serge Krawczenko <skrawczenko@xxxxxxxxx> wrote:
>
> We have application server behind httpd as a reverse proxy,
> with basic ldap auth, so only ldap authenticated users are able to get into the application.
> ( Require valid-user
> Allow from all
> )
It's usually not a good idea to mix Require (httpd >= 2.4) and Allow
(httpd < 2.4) directives together, though I don't see how it could
lead to the symptoms you are seeing.
>
> Everything works well and configuration is very basic.
> However,
> Sometimes like once in a month or two it fails and httpd stops acting like a reverse proxy.
> I.e. https://url/my-app fails with 404 trying to find my-app locally.
> (the requested URL /my-app was not found on this server)
If there are multiple VirtualHosts on the same IP:port in your server,
possibly some requests reach one with no "ProxyPass /my-app ..."
defined?
It may happen if an unknown Host/SNI is handled by the default vhost
for instance, but it wouldn't explain why all the following requests
go there (unless the app/something at some point starts redirecting to
a different URL).
>
> It is 'fixed' by restarting httpd and is very annoying for users.
>
> Debug turned on for proxy and ldap modules and there's absolutely nothing suspicious.
> When the situation occurs, there's just no attempt to refer to the 'proxypass' it is
> just trying to get the local path immediately.
>
> It cannot be reproduced as well and there's no specific periodicity for this failure.
> Anything i'm missing? Any more debug to turn on?
Which httpd MPM and modules are used? It could be a non thread-safe
module running on a threaded MPM, corrupting some global state when
the load increases.
Regards;
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx