65419 – Regexp parsing problem in ProxyPassMatch, Unable to find the relavant path

Bug 65419 - Regexp parsing problem in ProxyPassMatch, Unable to find the relavant path

Summary: Regexp parsing problem in ProxyPassMatch, Unable to find the relavant path

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_proxy (show other bugs)
Version:	2.4.48
Hardware:	Other other

Importance:	P2 blocker (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	FixedInTrunk

Depends on:
Blocks:

Reported:	2021-07-01 10:19 UTC by Abhishek Kr Sharma
Modified:	2021-09-20 23:05 UTC (History)
CC List:	0 users

Attachments
Fix ap_proxy_define_worker for matchable workers (6.44 KB, patch) 2021-07-02 10:37 UTC, Yann Ylavic	Details \| Diff
Fix ap_proxy_define_worker for matchable workers (v2) (6.44 KB, patch) 2021-07-02 10:45 UTC, Yann Ylavic	Details \| Diff
Fix ap_proxy_define_worker for matchable workers (v3) (8.32 KB, patch) 2021-07-03 13:51 UTC, Yann Ylavic	Details \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Abhishek Kr Sharma 2021-07-01 10:19:09 UTC

We are upgrading from apache2 2.4.46 to 2.4.48. The apche config has a ProxyPassMatch rule which is now not working after upgrading.

Apache conf:

<VirtualHost *:443>
        ServerName apache.mettl.pro
            SSLProxyEngine on
        ProxyPreserveHost On
        SSLProtocol TLSv1.2

        ProxyPassMatch ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1
        ProxyPassReverse ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1

        ProxyPass / http://localhost:9090/
        ProxyPassReverse / http://localhost:9090/

        ProxyRequests Off


        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"



        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLCertificateChainFile /etc/ssl/certs/server_bundle.crt


</VirtualHost>


Error_logs:

[Thu Jul 01 14:50:05.496435 2021] [ssl:info] [pid 7018:tid 139912673023744] [client 10.10.5.223:19000] AH01964: Connection to child 400 established (server ip-10-10-2-136.ap-south-1.compute.internal:443)
[Thu Jul 01 14:50:05.496838 2021] [ssl:debug] [pid 7018:tid 139912673023744] ssl_engine_kernel.c(2425): [client 10.10.5.223:19000] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Thu Jul 01 14:50:05.501883 2021] [ssl:debug] [pid 7018:tid 139912673023744] ssl_engine_kernel.c(2257): [client 10.10.5.223:19000] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jul 01 14:50:05.502714 2021] [ssl:debug] [pid 7018:tid 139912673023744] ssl_engine_kernel.c(422): [client 10.10.5.223:19000] AH02034: Initial (No.1) HTTPS request received for child 400 (server apache.mettl.pro:443)
[Thu Jul 01 14:50:05.502865 2021] [rewrite:trace2] [pid 7018:tid 139912673023744] mod_rewrite.c(480): [client 10.10.5.223:19000] 10.10.5.223 - - [apache.mettl.pro/sid#7f40038feb90][rid#7f3ff422d0a0/initial] init rewrite engine with requested uri /prelogin/ping
[Thu Jul 01 14:50:05.502879 2021] [rewrite:trace3] [pid 7018:tid 139912673023744] mod_rewrite.c(480): [client 10.10.5.223:19000] 10.10.5.223 - - [apache.mettl.pro/sid#7f40038feb90][rid#7f3ff422d0a0/initial] applying pattern '^(.*)$' to uri '/prelogin/ping'
[Thu Jul 01 14:50:05.502902 2021] [rewrite:trace4] [pid 7018:tid 139912673023744] mod_rewrite.c(480): [client 10.10.5.223:19000] 10.10.5.223 - - [apache.mettl.pro/sid#7f40038feb90][rid#7f3ff422d0a0/initial] RewriteCond: input='apache.mettl.pro' pattern='^www\\.(.*)$' [NC] => not-matched
[Thu Jul 01 14:50:05.503037 2021] [rewrite:trace1] [pid 7018:tid 139912673023744] mod_rewrite.c(480): [client 10.10.5.223:19000] 10.10.5.223 - - [apache.mettl.pro/sid#7f40038feb90][rid#7f3ff422d0a0/initial] pass through /prelogin/ping
[Thu Jul 01 14:50:05.503166 2021] [authz_core:debug] [pid 7018:tid 139912673023744] mod_authz_core.c(818): [client 10.10.5.223:19000] AH01626: authorization result of Require all denied: denied
[Thu Jul 01 14:50:05.503179 2021] [authz_core:debug] [pid 7018:tid 139912673023744] mod_authz_core.c(818): [client 10.10.5.223:19000] AH01626: authorization result of <RequireAny>: denied
[Thu Jul 01 14:50:05.503186 2021] [authz_core:error] [pid 7018:tid 139912673023744] [client 10.10.5.223:19000] AH01630: client denied by server configuration: /var/www/html/prelogin
[Thu Jul 01 14:50:05.503212 2021] [headers:debug] [pid 7018:tid 139912673023744] mod_headers.c(891): AH01503: headers: ap_headers_error_filter()

Comment 1 Yann Ylavic 2021-07-01 12:38:13 UTC

(In reply to Abhishek Kr Sharma from comment #0)
> Apache conf:
> 
> <VirtualHost *:443>
>         ServerName apache.mettl.pro
>         ...
> </VirtualHost>

It looks like the VirtualHost above is not selected to handle the connection/request.

> 
> 
> Error_logs:
> 
> [Thu Jul 01 14:50:05.496838 2021] [ssl:debug] [pid 7018:tid 139912673023744]
> ssl_engine_kernel.c(2425): [client 10.10.5.223:19000] AH02645: Server name
> not provided via TLS extension (using default/first virtual host)

This and the following logs show RewriteRule(s) outputs but nothing proxy related.

Please check your VirtualHosts declarations/order with "apachectl -S", if SNI is required to access this virtual host then it can't work for non-SNI clients.

Comment 2 Abhishek Kr Sharma 2021-07-01 12:53:35 UTC

The issue is that it's not going to / Location just stay in given regex: 
 ^/((es|en|de)/test/?(/.*)?)


 applying pattern '^(.*)$' to uri '/prelogin/ping'


it should go to / for all reamined request. The same file is working on apache 2.4.46 .

Comment 3 Abhishek Kr Sharma 2021-07-01 12:56:55 UTC

<VirtualHost *:443>
        ServerName apache.mettl.pro
            SSLProxyEngine on
        ProxyPreserveHost On
        SSLProtocol TLSv1.2

        ProxyPassMatch ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1
        ProxyPassReverse ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1

        ProxyPass / http://localhost:9090/
        ProxyPassReverse / http://localhost:9090/

        ProxyRequests Off


        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"



        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLCertificateChainFile /etc/ssl/certs/server_bundle.crt


</VirtualHost>









After commenting this 
        ProxyPassMatch ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1
        ProxyPassReverse ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1


Everything is working fine.

Comment 4 Yann Ylavic 2021-07-01 13:27:54 UTC

Please provide the logs with "LogLevel trace5".

Comment 5 Abhishek Kr Sharma 2021-07-01 14:01:06 UTC

Logs :


[Thu Jul 01 19:30:11.214657 2021] [ssl:info] [pid 20479:tid 139815009842944] [client 10.10.6.121:25916] AH01964: Connection to child 263 established (server apache.mettl.pro:443)
[Thu Jul 01 19:30:11.214777 2021] [ssl:trace2] [pid 20479:tid 139815009842944] ssl_engine_rand.c(126): Server: Seeding PRNG with 656 bytes of entropy
[Thu Jul 01 19:30:11.214842 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2204): [client 10.10.6.121:25916] OpenSSL: Handshake: start
[Thu Jul 01 19:30:11.214887 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: before SSL initialization
[Thu Jul 01 19:30:11.214919 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 5/5 bytes from BIO#7f2910003840 [mem: 7f29100090e3] 
[Thu Jul 01 19:30:11.214931 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 163/163 bytes from BIO#7f2910003840 [mem: 7f29100090e8] 
[Thu Jul 01 19:30:11.214939 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: before SSL initialization
[Thu Jul 01 19:30:11.214953 2021] [ssl:debug] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2425): [client 10.10.6.121:25916] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Thu Jul 01 19:30:11.215014 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS read client hello
[Thu Jul 01 19:30:11.215045 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write server hello
[Thu Jul 01 19:30:11.215098 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: write 4096/4096 bytes to BIO#7f2910003780 [mem: 7f2910012390] 
[Thu Jul 01 19:30:11.215138 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write certificate
[Thu Jul 01 19:30:11.216433 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write key exchange
[Thu Jul 01 19:30:11.216460 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: write 1154/1154 bytes to BIO#7f2910003780 [mem: 7f2910012390] 
[Thu Jul 01 19:30:11.216540 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write server done
[Thu Jul 01 19:30:11.217186 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 5/5 bytes from BIO#7f2910003840 [mem: 7f29100134e3] 
[Thu Jul 01 19:30:11.217206 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 70/70 bytes from BIO#7f2910003840 [mem: 7f29100134e8] 
[Thu Jul 01 19:30:11.217215 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write server done
[Thu Jul 01 19:30:11.217366 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 5/5 bytes from BIO#7f2910003840 [mem: 7f29100146d3] 
[Thu Jul 01 19:30:11.217379 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 1/1 bytes from BIO#7f2910003840 [mem: 7f29100146d8] 
[Thu Jul 01 19:30:11.217386 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS read client key exchange
[Thu Jul 01 19:30:11.217420 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 5/5 bytes from BIO#7f2910003840 [mem: 7f29100146d3] 
[Thu Jul 01 19:30:11.217444 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 40/40 bytes from BIO#7f2910003840 [mem: 7f29100146d8] 
[Thu Jul 01 19:30:11.217453 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS read change cipher spec
[Thu Jul 01 19:30:11.217474 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS read finished
[Thu Jul 01 19:30:11.217531 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write session ticket
[Thu Jul 01 19:30:11.217554 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write change cipher spec
[Thu Jul 01 19:30:11.217578 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: write 258/258 bytes to BIO#7f2910003780 [mem: 7f2910012390] 
[Thu Jul 01 19:30:11.217596 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2213): [client 10.10.6.121:25916] OpenSSL: Loop: SSLv3/TLS write finished
[Thu Jul 01 19:30:11.217610 2021] [ssl:trace3] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2208): [client 10.10.6.121:25916] OpenSSL: Handshake: done
[Thu Jul 01 19:30:11.217620 2021] [ssl:debug] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(2257): [client 10.10.6.121:25916] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jul 01 19:30:11.217774 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 5/5 bytes from BIO#7f2910003840 [mem: 7f2910003b53] 
[Thu Jul 01 19:30:11.217788 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 284/284 bytes from BIO#7f2910003840 [mem: 7f2910003b58] 
[Thu Jul 01 19:30:11.217803 2021] [core:trace5] [pid 20479:tid 139815009842944] protocol.c(710): [client 10.10.6.121:25916] Request received from client: GET /prelogin/ping HTTP/1.1
[Thu Jul 01 19:30:11.217887 2021] [ssl:debug] [pid 20479:tid 139815009842944] ssl_engine_kernel.c(422): [client 10.10.6.121:25916] AH02034: Initial (No.1) HTTPS request received for child 263 (server apache.mettl.pro:443)
[Thu Jul 01 19:30:11.217901 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(436): [client 10.10.6.121:25916] Headers received from client:
[Thu Jul 01 19:30:11.217907 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   X-Forwarded-For: 165.225.120.253
[Thu Jul 01 19:30:11.217912 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   X-Forwarded-Proto: https
[Thu Jul 01 19:30:11.217917 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   X-Forwarded-Port: 443
[Thu Jul 01 19:30:11.217921 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   Host: apache.mettl.pro
[Thu Jul 01 19:30:11.217926 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   X-Amzn-Trace-Id: Root=1-60ddca6b-13bcbc6648d90e810685849e
[Thu Jul 01 19:30:11.217938 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   User-Agent: Wget/1.21
[Thu Jul 01 19:30:11.217943 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   Accept: */*
[Thu Jul 01 19:30:11.217948 2021] [http:trace4] [pid 20479:tid 139815009842944] http_request.c(440): [client 10.10.6.121:25916]   Accept-Encoding: identity
[Thu Jul 01 19:30:11.217958 2021] [proxy:trace2] [pid 20479:tid 139815009842944] mod_proxy.c(686): [client 10.10.6.121:25916] AH03461: attempting to match URI path '/prelogin/ping' against pattern '^/((es|en|de)/test/?(/.*)?)' for proxying
[Thu Jul 01 19:30:11.218021 2021] [authz_core:debug] [pid 20479:tid 139815009842944] mod_authz_core.c(818): [client 10.10.6.121:25916] AH01626: authorization result of Require all denied: denied
[Thu Jul 01 19:30:11.218033 2021] [authz_core:debug] [pid 20479:tid 139815009842944] mod_authz_core.c(818): [client 10.10.6.121:25916] AH01626: authorization result of <RequireAny>: denied
[Thu Jul 01 19:30:11.218039 2021] [authz_core:error] [pid 20479:tid 139815009842944] [client 10.10.6.121:25916] AH01630: client denied by server configuration: /var/www/html/prelogin
[Thu Jul 01 19:30:11.218044 2021] [core:trace3] [pid 20479:tid 139815009842944] request.c(119): [client 10.10.6.121:25916] auth phase 'check access' gave status 403: /prelogin/ping
[Thu Jul 01 19:30:11.218058 2021] [headers:debug] [pid 20479:tid 139815009842944] mod_headers.c(891): AH01503: headers: ap_headers_error_filter()
[Thu Jul 01 19:30:11.218071 2021] [http:trace3] [pid 20479:tid 139815009842944] http_filters.c(1129): [client 10.10.6.121:25916] Response sent with status 403, headers:
[Thu Jul 01 19:30:11.218077 2021] [http:trace5] [pid 20479:tid 139815009842944] http_filters.c(1136): [client 10.10.6.121:25916]   Date: Thu, 01 Jul 2021 14:00:11 GMT
[Thu Jul 01 19:30:11.218082 2021] [http:trace5] [pid 20479:tid 139815009842944] http_filters.c(1139): [client 10.10.6.121:25916]   Server: Mettl_Server
[Thu Jul 01 19:30:11.218088 2021] [http:trace4] [pid 20479:tid 139815009842944] http_filters.c(958): [client 10.10.6.121:25916]   Strict-Transport-Security: max-age=31536000; includeSubDomains
[Thu Jul 01 19:30:11.218093 2021] [http:trace4] [pid 20479:tid 139815009842944] http_filters.c(958): [client 10.10.6.121:25916]   Content-Length: 199
[Thu Jul 01 19:30:11.218097 2021] [http:trace4] [pid 20479:tid 139815009842944] http_filters.c(958): [client 10.10.6.121:25916]   Content-Type: text/html; charset=iso-8859-1
[Thu Jul 01 19:30:11.218105 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(1760): [client 10.10.6.121:25916] coalesce: have 0 bytes, adding 215 more (buckets=1)
[Thu Jul 01 19:30:11.218111 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(1760): [client 10.10.6.121:25916] coalesce: have 215 bytes, adding 199 more (buckets=1)
[Thu Jul 01 19:30:11.218116 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(1821): [client 10.10.6.121:25916] coalesce: passing on 414 bytes
[Thu Jul 01 19:30:11.218129 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: write 443/443 bytes to BIO#7f2910003780 [mem: 7f291000d203] 
[Thu Jul 01 19:30:11.218143 2021] [ssl:trace4] [pid 20479:tid 139815009842944] ssl_engine_io.c(2310): [client 10.10.6.121:25916] OpenSSL: read 0/5 bytes from BIO#7f2910003840 [mem: 7f2910003b53]

Comment 6 Yann Ylavic 2021-07-01 14:59:40 UTC

Here are the logs I get with a similar configuration:

LogLevel trace5
<VirtualHost *:58080>
    ServerName localhost:58080

    ProxyPreserveHost on

    ProxyPassMatch ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1
    ProxyPassReverse ^/((es|en|de)/test/?(/.*)?) http://localhost:9090/$1

    ProxyPass / http://localhost:9090/
    ProxyPassReverse / http://localhost:9090/

    ErrorLog "logs/error_localhost_58080_log"
</VirtualHost>

$ curl -v -k http://localhost:58080/prelogin/pin
...

$ cat logs/error_localhost_58080_log 
[Thu Jul 01 16:48:09.036573 2021] [proxy:debug] [pid 347290:tid 140737350260032] proxy_util.c(1938): AH00925: initializing worker http://localhost:9090/$1 shared
[Thu Jul 01 16:48:09.036581 2021] [proxy:debug] [pid 347290:tid 140737350260032] proxy_util.c(1998): AH00927: initializing worker http://localhost:9090/$1 local
[Thu Jul 01 16:48:09.036588 2021] [proxy:debug] [pid 347290:tid 140737350260032] proxy_util.c(2032): AH00930: initialized pool in child 347290 for (localhost) min=0 max=25 smax=25
[Thu Jul 01 16:48:09.036591 2021] [proxy:debug] [pid 347290:tid 140737350260032] proxy_util.c(1938): AH00925: initializing worker http://localhost:9090/ shared
[Thu Jul 01 16:48:09.036594 2021] [proxy:debug] [pid 347290:tid 140737350260032] proxy_util.c(1998): AH00927: initializing worker http://localhost:9090/ local
[Thu Jul 01 16:48:09.036600 2021] [proxy:debug] [pid 347290:tid 140737350260032] proxy_util.c(2032): AH00930: initialized pool in child 347290 for (localhost) min=0 max=25 smax=25
[Thu Jul 01 16:48:55.577246 2021] [core:trace5] [pid 347290:tid 140737333499648] protocol.c(708): [client ::1:40042] Request received from client: GET /prelogin/ping HTTP/1.1
[Thu Jul 01 16:48:55.577367 2021] [http:trace4] [pid 347290:tid 140737333499648] http_request.c(435): [client ::1:40042] Headers received from client:
[Thu Jul 01 16:48:55.577390 2021] [http:trace4] [pid 347290:tid 140737333499648] http_request.c(438): [client ::1:40042]   Host: localhost:58080
[Thu Jul 01 16:48:55.577406 2021] [http:trace4] [pid 347290:tid 140737333499648] http_request.c(438): [client ::1:40042]   User-Agent: curl/7.74.0
[Thu Jul 01 16:48:55.577421 2021] [http:trace4] [pid 347290:tid 140737333499648] http_request.c(438): [client ::1:40042]   Accept: */*
[Thu Jul 01 16:48:55.577446 2021] [proxy:trace2] [pid 347290:tid 140737333499648] mod_proxy.c(686): [client ::1:40042] AH03461: attempting to match URI path '/prelogin/ping' against pattern '^/((es|en|de)/test/?(/.*)?)' for proxying
[Thu Jul 01 16:48:55.577487 2021] [proxy:trace2] [pid 347290:tid 140737333499648] mod_proxy.c(686): [client ::1:40042] AH03461: attempting to match URI path '/prelogin/ping' against prefix '/' for proxying
[Thu Jul 01 16:48:55.577505 2021] [proxy:trace1] [pid 347290:tid 140737333499648] mod_proxy.c(772): [client ::1:40042] AH03464: URI path '/prelogin/ping' matches proxy handler 'proxy:http://localhost:9090/prelogin/ping'
[Thu Jul 01 16:48:55.577531 2021] [authz_core:debug] [pid 347290:tid 140737333499648] mod_authz_core.c(843): [client ::1:40042] AH01628: authorization result: granted (no directives)
[Thu Jul 01 16:48:55.577547 2021] [core:trace3] [pid 347290:tid 140737333499648] request.c(310): [client ::1:40042] request authorized without authentication by access_checker_ex hook: /prelogin/ping
[Thu Jul 01 16:48:55.577571 2021] [proxy_http:trace1] [pid 347290:tid 140737333499648] mod_proxy_http.c(62): [client ::1:40042] HTTP: canonicalising URL //localhost:9090/prelogin/ping
[Thu Jul 01 16:48:55.577618 2021] [proxy:trace2] [pid 347290:tid 140737333499648] proxy_util.c(2142): [client ::1:40042] http: found worker http://localhost:9090/ for http://localhost:9090/prelogin/ping
[Thu Jul 01 16:48:55.577638 2021] [proxy:debug] [pid 347290:tid 140737333499648] mod_proxy.c(1251): [client ::1:40042] AH01143: Running scheme http handler (attempt 0)
[Thu Jul 01 16:48:55.577655 2021] [proxy_http:trace1] [pid 347290:tid 140737333499648] mod_proxy_http.c(1977): [client ::1:40042] HTTP: serving URL http://localhost:9090/prelogin/ping
[Thu Jul 01 16:48:55.577684 2021] [proxy:debug] [pid 347290:tid 140737333499648] proxy_util.c(2336): AH00942: HTTP: has acquired connection for (localhost)
[Thu Jul 01 16:48:55.577703 2021] [proxy:debug] [pid 347290:tid 140737333499648] proxy_util.c(2392): [client ::1:40042] AH00944: connecting http://localhost:9090/prelogin/ping to localhost:9090
[Thu Jul 01 16:48:55.578180 2021] [proxy:debug] [pid 347290:tid 140737333499648] proxy_util.c(2615): [client ::1:40042] AH00947: connected /prelogin/ping to localhost:9090
...

So there is something fishy in your settings that ignores the ProxyPass directive, mine is logging this at startup:
    AH00925: initializing worker http://localhost:9090/$1 shared
    AH00925: initializing worker http://localhost:9090/ shared
Can you see these logs somewhere (maybe in the main error_log file)?

Comment 7 Yann Ylavic 2021-07-01 15:16:58 UTC

Wait, I was running a version < 2.4.48, now I see it.
Let me debug that..

Comment 8 Yann Ylavic 2021-07-02 10:37:58 UTC

Created attachment 37931 [details]
Fix ap_proxy_define_worker for matchable workers

The issue is that ProxyPass and ProxyPassMatch URLs were considered the same because anything after the '$' was being ignored.

Could you please try this patch (against 2.4.48)?

Comment 9 Yann Ylavic 2021-07-02 10:45:51 UTC

Created attachment 37932 [details]
Fix ap_proxy_define_worker for matchable workers (v2)

v2 to fix a regression with "unix:" schemes (unrelated to this PR).

Comment 10 Abhishek Kr Sharma 2021-07-02 11:43:54 UTC

I am not getting this file in my apache2 modules proxy_util.c . 

Can you please help me to setup.

Comment 11 Yann Ylavic 2021-07-02 12:04:08 UTC

First download the patch here: https://bz.apache.org/bugzilla/attachment.cgi?id=37932 (browser's "save page as" proposes to save the file "bz_65419-fix_proxy_define_worker-v2.patch").

Then:
$ cd /path/to/sources/httpd-2.4.48
$ ls
include modules server ...
$ patch -p0 < /path/to/downloaded/bz_65419-fix_proxy_define_worker-v2.patch
$ make && make install

If you have never compiled httpd from sources, please have a look at: https://httpd.apache.org/docs/current/install.html (the patch command above would go between the "Extract" and "Configure" phases).

Comment 12 Abhishek Kr Sharma 2021-07-02 12:05:48 UTC

Actually we don't compile. We just use apt install apache2 to install the same.

Is there any fix for that.

Comment 13 Yann Ylavic 2021-07-02 12:17:54 UTC

No, the fix is only is this PR for now, no distribution has picked it up yet.
To test it, you need to recompile httpd from sources (see the link provided in my previous comment), or recompile your distribution's apache2 package from sources (with the patch included, the procedure depends on the distribution, I can't help you with this).

Comment 14 Yann Ylavic 2021-07-03 13:51:17 UTC

Created attachment 37937 [details]
Fix ap_proxy_define_worker for matchable workers (v3)

Latest patch, as commited in r1891206 and r1891216.

Comment 15 Yann Ylavic 2021-09-20 23:05:16 UTC

Fixed in 2.4.49 (r1892569).