httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52149] New: mod_proxy_balancer serves wrong content
Date Mon, 07 Nov 2011 18:33:48 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52149

             Bug #: 52149
           Summary: mod_proxy_balancer serves wrong content
           Product: Apache httpd-2
           Version: 2.2.14
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_proxy_balancer
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: riccardo@reflab.com
    Classification: Unclassified


The server starts to serve random contents suddenly. By 'random' I mean that
request of the home page can returns images, css, javascript or the page of
another user.

Our Apache has many site configurations enabled but only one of these had the
load balancer:

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster>
  BalancerMember http://127.0.0.1:8081 route=8081
  BalancerMember http://127.0.0.1:8181 route=8181
  BalancerMember http://127.0.0.1:8281 route=8281
  ProxySet stickysession=ROUTEID
</Proxy>

and some rewrite rule to Zope servers.
The only site showing the strange behavior was the one with the balancer.

Apache is patched with the last security updates available for Ubuntu Lucid
(the last was apache2-mpm-worker on 2011-09-02).

Friday 4 November 2011 we begin to experience the strange behavior, after a
restart the site went right but starting over after some time (to few minutes
to hours).

Sunday we decide to remove the balancer and the behavior disappear. I check the
logs to spot an attack but without success.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message