Server Fault Asked by Herzog on December 18, 2021
1 of ~150 server clients (in different locations and with different network setups) is not redirected through my Apache service. I need to know where the problem is but can't figure it out.
All clients access a virtual host and send the same requests against the proxy:
<VirtualHost *:80>
    ServerName update.***.tld
    ServerAdmin [email protected]
    CustomLog /var/log/apache2/update.***.tld_access.log combined
    ErrorLog /var/log/apache2/update.***.tld_error.log
    # redirect all http request to https
    RewriteEngine on
    Options +FollowSymLinks
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</VirtualHost>

<VirtualHost *:443>
    ServerName update.***.tld
    LogLevel warn
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/wildcard.***.tld.cert
    SSLCertificateKeyFile /etc/ssl/private/wildcard.***.tld.key
    SSLCertificateChainFile /etc/ssl/certs/wildcard.***.tld.combined.cert
    CustomLog /var/log/apache2/update.***.tld_access.log combined
    ErrorLog /var/log/apache2/update.***.tld_error.log
    TimeOut 3600
    KeepAlive On
    AddDefaultCharset UTF-8
    SSLProxyEngine on
    ProxyPreserveHost Off
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
    ProxyTimeout 15
    ProxyRequests Off
    ProxyPass / https://***-***-prod.aws.tld/
    ProxyPassReverse / https://***-***-prod-prod.aws.tld/
    <Proxy *>
        AddDefaultCharset UTF-8
        Require all granted
    </Proxy>
</VirtualHost>
tcpdump on corrupt client:
tcpdump -i eth0 -vvv host update.***.tld > dump
https://gist.github.com/herz0g/e02ef883688c904667164a175955ecc0
I guess it is a problem on the customer-side network, otherwise it would not work for 150 other clients, but I am not sure how to prove that or what could be debugged further.
As mentioned by @PatrickMevzek this wasn't a network or DNS issue. I checked the logs with debug level enabled and noticed this error:
[Fri Jul 24 12:33:11.463639 2020] [ssl:info] [pid 9792:tid 139651482162944] [client clientip:26294] AH01964: Connection to child 441 established (server default.virtual.host:443)
[Fri Jul 24 12:33:11.463917 2020] [ssl:debug] [pid 9792:tid 139651482162944] ssl_engine_kernel.c(2096): [client clientip:26294] AH02043: SSL virtual host for servername update.***.tld found
[Fri Jul 24 12:33:11.612839 2020] [core:debug] [pid 9792:tid 139651482162944] protocol.c(1158): [client clientip:26294] AH02427: Request header value is malformed: TOKEN ******r
[Fri Jul 24 12:33:11.612873 2020] [core:debug] [pid 9792:tid 139651482162944] protocol.c(1318): [client clientip:26294] AH00567: request failed: error reading the headers
It seems that my config file on the client was screwed up for some reason, but the content within the file was the same as for my other agents, and the rights and the owner were correct. I deleted the file and created a new one. Everything is working now.
Thanks for pointing me in the correct direction.
Answered by Herzog on December 18, 2021
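The answer above describes a client config file that looked identical to the others yet produced AH02427 (malformed request header value). A byte-level check makes that kind of difference visible. This is an added example, not code from the original post; the `TOKEN=...` file format, the `read_token` logic and the sample bytes are constructed assumptions.

```python
import hashlib

# Constructed sample data: the same token saved with Unix (LF) line endings
# and with Windows (CRLF) line endings. Both look identical in most editors.
GOOD_FILE = b"TOKEN=abc123\n"
BAD_FILE = b"TOKEN=abc123\r\n"


def read_token(raw: bytes) -> bytes:
    """Hypothetical client logic: take the text after '=' and drop one LF."""
    value = raw.split(b"=", 1)[1]
    return value[:-1] if value.endswith(b"\n") else value


def audit_field_value(value: bytes) -> list:
    """Return (offset, byte, reason) for every byte that should not appear in
    a token sent as an HTTP header value. RFC 7230 field-content allows HTAB,
    SP, visible ASCII and obs-text; control characters are not allowed."""
    findings = []
    for offset, byte in enumerate(value):
        if byte == 0x09 or 0x20 <= byte <= 0x7E:
            continue  # HTAB, SP and visible ASCII
        if byte >= 0x80:
            reason = "non-ASCII byte (legal obs-text, but unexpected in a token)"
        else:
            reason = "control character, invalid in a field value"
        findings.append((offset, f"0x{byte:02x}", reason))
    return findings


def fingerprint(raw: bytes) -> str:
    """Short SHA-256 prefix so two 'identical' files can be compared by bytes."""
    return hashlib.sha256(raw).hexdigest()[:16]


if __name__ == "__main__":
    for name, raw in (("good", GOOD_FILE), ("bad", BAD_FILE)):
        token = read_token(raw)
        print(name, fingerprint(raw), repr(token), audit_field_value(token))
```

Running the same audit on the real file from a working agent and from the failing one shows whether the two differ in bytes that an editor does not display.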
You actually partly answer your own question:
when I send a wget from the client to my proxy on Port 443 it is correctly forwarded to the virtual host and logged in my custom log
The incorrect Apache redirect is the issue you have, because you're relying on the explicit port number, and that's not very common.
RewriteCond %{SERVER_PORT} !^443$
This suggests the client doesn't have the port number in the URI of the API call, and when it's not present it fails.
Try to change the redirect configuration in Apache to the suggestion in this answer.
Answered by Geeky Masters on December 18, 2021