65641 – (22)Invalid argument: AH02454: HTTPS: attempt to connect to Unix domain socket

Bug 65641 - (22)Invalid argument: AH02454: HTTPS: attempt to connect to Unix domain socket

Summary: (22)Invalid argument: AH02454: HTTPS: attempt to connect to Unix domain socket

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_proxy (show other bugs)
Version:	2.4.41
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-10-19 14:52 UTC by 2005wind@gmail.com
Modified:	2022-06-16 14:17 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 2005wind@gmail.com 2021-10-19 14:52:16 UTC

Hello, I recently found that when httpd works as a reverse proxy, a 503 error occurs occasionally. The log is printed as follows:

[Sun Oct 17 02:55:01.091087 2021] [proxy:error] [pid 1212:tid 139759928190720] (22)Invalid argument: AH02454: HTTPS: attempt to connect to Unix domain socket /usr/local/apache/logs/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbaaaadddddddddddddaaaaa (web-vip) failed
[Sun Oct 17 02:55:01.091119 2021] [proxy_http:error] [pid 1212:tid 139759928190720] [client 10.232.234.195:53582] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: https://www.sitemask.com/
[Sun Oct 17 02:55:01.901670 2021] [proxy:error] [pid 1212:tid 139759844271872] (22)Invalid argument: AH02454: HTTPS: attempt to connect to Unix domain socket /usr/local/apache/logs/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbaaaadddddddddddddaaaaa (web-vip) failed
[Sun Oct 17 02:55:01.901713 2021] [proxy_http:error] [pid 1212:tid 139759844271872] [client 10.232.134.78:39138] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: https://www.sitemask.com/

Other information is as follows:
/usr/local/apache/bin/httpd -V
Server version: Apache/2.4.41 (Unix)
Server built:   Sep  6 2019 02:56:34
Server's Module Magic Number: 20120211:88
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr/local/apache"
 -D SUEXEC_BIN="/usr/local/apache/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf
 
ulimit -a
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 30446
max locked memory       (kbytes, -l) unlimited
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1048576
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

uname -a
Linux web-prod-rs-v030-n4gl9 5.4.110-54.182.amzn2.x86_64 #1 SMP Fri Apr 9 17:56:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

The uds file name completely exceeds the file name size limit of the Linux system.

Comment 1 apache 2022-01-31 07:13:59 UTC

We're seeing this error as well, albeit on a slightly different version (details below). I'm not 100% sure it's related, but it looks like it to me.

First, we have the following in the error.log, it looks like an attack from this client IP (which is also listed as malicious):

[Mon Jan 31 01:45:59.780187 2022] [proxy:warn] [pid 4248:tid 139664061830912] [client 185.180.143.138:37166] AH01144: No protocol handler was valid for the URL / (scheme 'https'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule., referer: http:/?unix:|

Note the "?unix:|" at the end. From this moment on, the backend is unreachable:

[Mon Jan 31 06:21:10.444950 2022] [proxy:error] [pid 4247:tid 139663763281664] (13)Permission denied: AH02454: HTTPS: attempt to connect to Unix domain socket /var/run/apache2/ (<URL_REMOVED>) failed
[Mon Jan 31 06:21:10.444998 2022] [proxy_http:error] [pid 4247:tid 139663763281664] [client <IP_REMOVED>:46136] AH01114: HTTP: failed to make connection to backend: httpd-UDS

Apache is on 2.4.38-3+deb10u4.

We've now updated to 2.4.38-3+deb10u7 on one system and see if behaviour changes.

Comment 2 Yann Ylavic 2022-06-16 14:17:02 UTC

It's been fixed in 2.4.52 (r1892874), please upgrade.