Bug 63893 - Bogus warning "unsupported command 20"
Summary: Bogus warning "unsupported command 20"
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_remoteip (show other bugs)
Version: 2.4.38
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2019-10-30 13:38 UTC by Charlemagne Lasse
Modified: 2020-02-21 23:20 UTC (History)
1 user (show)



Attachments
Patch to prevent from logging local proxy connections (532 bytes, patch)
2020-01-29 22:06 UTC, Giovanni Bechis
Details | Diff
prevent logging local proxy connections (1.55 KB, patch)
2020-02-06 07:49 UTC, Giovanni Bechis
Details | Diff
prevent logging local proxy connections (542 bytes, patch)
2020-02-06 09:54 UTC, Giovanni Bechis
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Charlemagne Lasse 2019-10-30 13:38:32 UTC
My log filled just my complete EC2 HDD because apache remoteip spams my logs full with "RemoteIPProxyProtocol: unsupported command 20". This is caused by the health checks of AWS's NLB - which sends LOCAL ver_cmd proxy headers to check for problems.

This is (according to the spec https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) a valid ver_cmd and shouldn't cause these kind of log spam.

See "9. Sample code" for details.
Comment 1 Giovanni Bechis 2020-01-29 22:06:15 UTC
Created attachment 36986 [details]
Patch to prevent from logging local proxy connections
Comment 2 Eric Covener 2020-01-31 02:25:38 UTC
(In reply to Giovanni Bechis from comment #1)
> Created attachment 36986 [details]
> Patch to prevent from logging local proxy connections

desk-checking patch and not too familiar with this module/protocol, should we be returning over the apr_sockaddr_ip_get() below the switch?
Comment 3 Giovanni Bechis 2020-02-06 07:49:22 UTC
Created attachment 36992 [details]
prevent logging local proxy connections

From protocol specs (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt):
"...When used with a LOCAL command, the receiver must accept the connection and
ignore any address information...."
The updated patch doesn't compute the client ip in the local connection case.
Comment 4 Joe Orton 2020-02-06 08:50:11 UTC
Doing "return HDR_DONE" in the LOCAL case looks simpler
Comment 5 Giovanni Bechis 2020-02-06 09:54:45 UTC
Created attachment 36993 [details]
prevent logging local proxy connections

Looks fine as well, diff updated.
Comment 6 Giovanni Bechis 2020-02-21 23:20:17 UTC
Committed to trunk in r1874344.