Bug 66572 - mod_proxy broken
mod_proxy broken
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: apache (Show other bugs)
7.3
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-06-12 09:04 EDT by Christopher McCrory
Modified: 2007-03-26 23:53 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-01-16 13:00:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christopher McCrory 2002-06-12 09:04:56 EDT
Description of Problem:
mod_proxy multiple-cookie is broken for ProxyPass

Version-Release number of selected component (if applicable):

1.3.23 and possibly earlier, but not tested
http://www.apache.org/dist/httpd/CHANGES_1.3

multiple proxy fixes

post 1.3.24 patch for another proxy issue
http://www.apache.org/dist/httpd/patches/apply_to_1.3.24/proxy_http1.1_chunking.patch

How Reproducible:
always

Steps to Reproduce:
1. something like the following
LoadModule proxy_module         modules/mod_proxy.so
ProxyPass /images/              http://images.pricegrabber.com/images/

Actual Results:
Only the first cookie is passed

Expected Results:
All cookies passed

Additional Information:
	
see apache changelog
Comment 1 Christopher McCrory 2002-06-23 16:06:07 EDT
After security update:

==> error_log <==
[Sun Jun 23 13:01:02 2002] [error] mod_ssl: Init: (myserver.pricegrabber.com:80)
Unable to create SSL Proxy context (OpenSSL library error follows)
[Sun Jun 23 13:01:02 2002] [error] OpenSSL:
error:140A90A1:lib(20):func(169):reason(161)

When both SSL and proxy are used together

You can use one or the other, but not both


also FYI, with php 4.2.1 , mod_SSL must be loaded before mod_PHP

Comment 2 Graham Leggett 2002-07-19 07:44:52 EDT
mod_proxy is broken in v1.3.23 and v1.3.24.

The solution is for Redhat to either release apache v1.3.26 officially, or to
apply the proxy fixes committed between .23 and .26 to whatever version Redhat
wants to release.
Comment 3 Emergence By Design 2002-08-27 15:56:58 EDT
The bug in mod_proxy is infuriating, this was clearly the fault of the apache
team at the time, but I have gone back to the security patched 1.3.22 version
for RH7.2 on my RH7.3 box.
Comment 4 Graham Leggett 2002-09-03 03:57:46 EDT
Currently the bugs in mod_proxy have long since been fixed in v1.3.26, which was
released on 18 June. From that time it became the responsibility of Redhat to
ensure the relevant fixes were released to their users. As at 3 September (2 1/2
months later) nothing has been done, in fact the status on this bug is still set
to NEW.

When is Redhat going to do something about this? It is a real pain.
Comment 5 Need Real Name 2002-09-28 02:45:02 EDT
Gah, I second the previous commentor.  This makes RedHat's current Apache
package  useless as a front-end server to a mod_perl backend, which isn't all
that uncommon a use for Apache.
Comment 6 Christopher McCrory 2002-09-29 21:38:59 EDT
I'd be nice to get current apache , mod_ssl , and php updates for RH 7.x and RH
AS 2.1 .  I plan on getting RH AS , but not keeping up with apache 1.3 would be
a deal breaker.  :(
Comment 7 Joe Orton 2003-01-16 13:00:41 EST
This should be fixed in the upgrade to Apache 1.3.27 in the latest 
security errata:

https://rhn.redhat.com/errata/RHSA-2002-222.html
Comment 8 Christopher McCrory 2003-01-16 13:05:15 EST
Yep, it was.

I had almost forgotten about this as I had "rolled my own" updated rpms


Thanks, 

Note You need to log in before you can comment on or make changes to this bug.