www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Stewart <john.stew...@artesyn.com>
Subject mod_proxy/2731: Proxy server process using incorrect IP intermittently when accessing other virtual servers.
Date Tue, 28 Jul 1998 20:02:48 GMT

>Number:         2731
>Category:       mod_proxy
>Synopsis:       Proxy server process using incorrect IP intermittently when accessing
other virtual servers.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 28 13:10:01 PDT 1998
>Last-Modified:
>Originator:     john.stewart@artesyn.com
>Organization:
apache
>Release:        1.3.0
>Environment:
Solaris 2.6 x86

uname -a == "SunOS goat 5.6 Generic i86pc i386 i86pc"
>Description:
My Solaris box (goat) is using multiple IP addresses with the same physical
ethernet interface. Routes have been deleted such that all outgoing requests
go through the main interface (goat.heurikon.com).

Apache is configured with multiple virtual hosts, each with its own IP address.
The machine's main IP is configured to be a proxy server on port 8080. Other
virtual hosts include www.johnstewart.com and www.coldboot.com, each with its
own IP.

When using the Apache proxy to other web servers, they correctly see
goat.heurikon.com as the source address. However, when accessing another one
of the virtual servers on the same machine, it will sometimes correctly
see it as coming from goat.heurikon.com and sometimes from the hostname 
corresponding to the virtual server you are accessing. As an example, here
is the log corresponding to a two loads of www.coldboot.com:

www.coldboot.com - - [28/Jul/1998:14:53:55 -0500] "GET / HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:53:56 -0500] "GET /top.html HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:53:56 -0500] "GET /bottom.html HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:53:57 -0500] "GET /menu.html HTTP/1.0" 304 -
goat.heurikon.com - - [28/Jul/1998:14:53:57 -0500] "GET /main.html HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:53:57 -0500] "GET /pics/back.gif HTTP/1.0" 304 -

www.coldboot.com - - [28/Jul/1998:14:54:09 -0500] "GET / HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:54:10 -0500] "GET /top.html HTTP/1.0" 304 -
goat.heurikon.com - - [28/Jul/1998:14:54:10 -0500] "GET /bottom.html HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:54:11 -0500] "GET /menu.html HTTP/1.0" 304 -
goat.heurikon.com - - [28/Jul/1998:14:54:11 -0500] "GET /pics/back.gif HTTP/1.0" 304 -
www.coldboot.com - - [28/Jul/1998:14:54:11 -0500] "GET /main.html HTTP/1.0" 304 -

The client was the same machine, using goat.heurikon.com as the proxy server.

I wouldn't have noticed this problem if /server-status hadn't been restricted
to heurikon.com and I tried loading it from one of the other virtual servers.
It is usually denied, sometimes nore. Seems to be about a 1 to 4 ratio. I was
unable to ascertain a pattern.

I can provide further information on request - I'd be glad to provide my config
files if that will help!

John Stewart
Network/Security Admin
Artesyn Technologies
john.stewart@artesyn.com
>How-To-Repeat:
Not sure if it's a Solaris specfic problem or not...
>Fix:
Nope.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]




Mime
View raw message