Bug 69241 - balancer URL mangled after rewrite in 2.4.62+
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy_balancer
Version: 2.4.62
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2024-08-05 09:46 UTC by Dave
Modified: 2024-08-28 08:46 UTC (History)
Description Dave 2024-08-05 09:46:01 UTC
Given a simple RewriteRule of:

RewriteRule ^ http://10.0.0.1/?domain=%{HTTP_HOST} [P,END]

For a request with a Host: header of:

Host: unlikely-to-exist.com
..

The remote end sees:

"GET /?domain=unlikely-to-exist.com HTTP/1.1"

as expected. However, if the url is made a balancer:

<Proxy "balancer://forwarders">
    BalancerMember "http://10.0.0.1:80" retry=60 keepalive=On ttl=60 smax=3 max=10
    BalancerMember "http://10.0.0.2:80" retry=60 keepalive=On ttl=60 smax=3 max=10
    BalancerMember "http://10.0.0.3:80" retry=60 keepalive=On ttl=60 smax=3 max=10
    ProxySet lbmethod=bybusyness timeout=3 failontimeout=On
</Proxy>

RewriteRule ^ balancer://members/?domain=%{HTTP_HOST} [P,END]

The remote end now sees:

"GET /%3Fdomain=unlikely-to-exist.com?domain=unlikely-to-exist.com HTTP/1.1"

which is obviously mangled, where it worked prior to 2.4.62. I understand there are ongoing changes related to addressing %3F encoding security issues, but I don't think this particular behaviour has been reported anywhere before. Attempting to patch for, say, PR69197 does not improve matters, and a suggested fix for PR69235 also breaks the non-balanced case.
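
An added example (not part of the original report, and not Apache code): a small Python check that a backend operator could run over access logs to spot requests with the mangled shape quoted above, where an encoded `?` and a copy of the query string end up in the path. The log lines are constructed; only the two request targets in the first two lines come from the report, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request line as it appears inside an Apache "common" format log entry.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d(?:\.\d)?)"'
)

def split_target(target):
    """Split a request target at the first literal '?' into (path, query)."""
    path, sep, query = target.partition("?")
    return path, (query if sep else None)

def is_mangled(target):
    """True when the path carries an encoded '?' followed by a copy of the
    real query string, which is the shape reported in this bug."""
    path, query = split_target(target)
    if query is None:
        return False
    m = re.search(r"%3[Ff]", path)
    if not m:
        return False
    embedded = path[m.end():]  # text after the encoded '?'
    return unquote(embedded) == unquote(query)

def scan(lines):
    """Return (line_number, target) for every mangled request line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_mangled(m.group("target")):
            hits.append((n, m.group("target")))
    return hits

# Constructed sample backend log (client address, times, status are made up).
SAMPLE_LOG = [
    '10.0.0.9 - - [05/Aug/2024:09:40:00 +0000] "GET /?domain=unlikely-to-exist.com HTTP/1.1" 200 12',
    '10.0.0.9 - - [05/Aug/2024:09:41:00 +0000] "GET /%3Fdomain=unlikely-to-exist.com?domain=unlikely-to-exist.com HTTP/1.1" 404 0',
    '10.0.0.9 - - [05/Aug/2024:09:42:00 +0000] "GET /search%3Fq=1 HTTP/1.1" 200 5',
    '10.0.0.9 - - [05/Aug/2024:09:43:00 +0000] "GET /a%3Fb?c=d HTTP/1.1" 200 5',
]

if __name__ == "__main__":
    for n, target in scan(SAMPLE_LOG):
        print(f"line {n}: mangled proxy target {target}")
```

A legitimately encoded `%3F` in a path (lines 3 and 4 of the sample) is not flagged; only a path whose encoded tail repeats the query string is.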
Comment 1 Ruediger Pluem 2024-08-08 15:38:30 UTC
Unfortunately I cannot reproduce the below issue with 2.4.62 and the following minimal configuration:

ServerRoot "/usr/src/apache/apache_2.4.62"

Listen 9090

LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

User daemon
Group daemon

DocumentRoot "/usr/src/apache/apache_2.4.62/htdocs"
<Directory "/usr/src/apache/apache_2.4.62/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

ErrorLog "logs/error_log"

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" common

RewriteEngine On
RewriteRule ^ balancer://forwarders/?domain=%{HTTP_HOST} [P,END]

<Proxy balancer://forwarders>
    Balancermember http://127.0.0.1:9998
    Balancermember http://127.0.0.1:9999
</Proxy>


Am I missing something in my configuration? What happens if you use the above configuration? Do things work correctly then?
Comment 2 Dave 2024-08-12 10:07:21 UTC
Apologies for taking some time to get back to you on this; my local buildsys was broken due to a metadata issue. I can confirm that under my setup your config works; however, wrapping the Rewrite rules in a <Directory> causes it to fail (/var/www/html in my case):

<Directory /usr/src/apache/apache_2.4.62/htdocs>
    RewriteEngine On
    RewriteRule ^ balancer://forwarders/?domain=%{HTTP_HOST} [P,END]
</Directory>
Comment 3 Dave 2024-08-21 15:32:01 UTC
I hope you don't mind, but I applied the proposed PR69260 patch to (trunk) mod_rewrite to test, as PR 69235/69241/69259/69260 look related?

The behaviour is odd - trunk mod_rewrite exhibits the same behaviour as the 2.4.62 release; with this patch, it fixes for the balancer:// rewrite both inside and outside of Directory context, but instead now breaks for a direct http:// URI rewrite inside (but not outside) of Directory context (the path is lost, it just requests /).
Comment 4 Ruediger Pluem 2024-08-22 06:35:44 UTC
(In reply to Dave from comment #3)
> I hope you don't mind, but I applied the proposed PR69260 patch to (trunk)
> mod_rewrite to test, as PR 69235/69241/69259/69260 look related?
> 
> The behaviour is odd - trunk mod_rewrite exhibits the same behaviour as the
> 2.4.62 release; with this patch, it fixes for the balancer:// rewrite both
> inside and outside of Directory context, but instead now breaks for a direct
> http:// URI rewrite inside (but not outside) of Directory context (the path
> is lost, it just requests /).

Have you tried taking the 2.4.62 mod_rewrite.c source and applying the patches from PR 69235 and 69260, namely https://bz.apache.org/bugzilla/attachment.cgi?id=39832 and https://bz.apache.org/bugzilla/attachment.cgi?id=39842 ?
Comment 5 Dave 2024-08-22 08:40:45 UTC
(In reply to Ruediger Pluem from comment #4)
> (In reply to Dave from comment #3)
> > I hope you don't mind, but I applied the proposed PR69260 patch to (trunk)
> > mod_rewrite to test, as PR 69235/69241/69259/69260 look related?
> > 
> > The behaviour is odd - trunk mod_rewrite exhibits the same behaviour as the
> > 2.4.62 release; with this patch, it fixes for the balancer:// rewrite both
> > inside and outside of Directory context, but instead now breaks for a direct
> > http:// URI rewrite inside (but not outside) of Directory context (the path
> > is lost, it just requests /).
> 
> Have you tried taking the 2.4.62 mod_rewrite.c source and applying the
> patches from PR 69235 and 69260, namely
> https://bz.apache.org/bugzilla/attachment.cgi?id=39832 and
> https://bz.apache.org/bugzilla/attachment.cgi?id=39842 ?

I've just tried this, and great! It passes the 4 simple test cases (http:// and balancer:// both inside and outside of Directory context)
Comment 6 Eric Covener 2024-08-22 12:07:38 UTC
(In reply to Dave from comment #5)
> (In reply to Ruediger Pluem from comment #4)
> > (In reply to Dave from comment #3)
> > > I hope you don't mind, but I applied the proposed PR69260 patch to (trunk)
> > > mod_rewrite to test, as PR 69235/69241/69259/69260 look related?
> > > 
> > > The behaviour is odd - trunk mod_rewrite exhibits the same behaviour as the
> > > 2.4.62 release; with this patch, it fixes for the balancer:// rewrite both
> > > inside and outside of Directory context, but instead now breaks for a direct
> > > http:// URI rewrite inside (but not outside) of Directory context (the path
> > > is lost, it just requests /).
> > 
> > Have you tried taking the 2.4.62 mod_rewrite.c source and applying the
> > patches from PR 69235 and 69260, namely
> > https://bz.apache.org/bugzilla/attachment.cgi?id=39832 and
> > https://bz.apache.org/bugzilla/attachment.cgi?id=39842 ?
> 
> I've just tried this, and great! It passes the 4 simple test cases (http://
> and balancer:// both inside and outside of Directory context)

Thanks for the quick testing!
Comment 7 Dave 2024-08-28 08:46:02 UTC
I've just been looking over this and think I should make clear that the fix worked against the trunk mod_rewrite.c at that time, and not the 2.4.62 release mod_rewrite.c (mod_rewrite.h not updated to retain same API versioning) due to one of the patches not applying to 2.4.62.