Bug in pfSense 2.1.2 Apache with mod_security-dev 2.4.9_1 pkg v0.3 + simple fix



  • It seems that in two files (thus far), there needs to be a small change to the Apache with mod_security 2.4.9_1 pkg v0.3:

    apply s/apache22/apache24/g to the following files:

    /usr/local/pkg/apache.template
    /usr/local/pkg/apache_mod_security.inc

    This made saving configurations work for my 2.1.2 installation again via the webConfigurator interface.

    edit:
    As it turns out, there's much, much, much more that needs to be addressed within apache.template. This package is broken. I'm working on a fix.



  • any luck?

    I've tried changing the paths in the config files to point to apache24, but that doesn't do the trick.  Also previously tried softlinks from apache24 to nonexistent apache22, and complete copies of the apache24 directory to an apache22 directory.

    The point at which startup fails is now when it's looking for modules that no longer exist (and I checked, they don't).  Here's an example, but having removed one or two of the includes statements to see if it would start without a particular module, I can tell without checking the entire Includes list in httpd.conf that many modules are missing.

    'httpd: Syntax error on line 67 of /usr/pbi/proxy_mod_security-i386/etc/apache24/httpd.conf: Cannot load libexec/apache24/mod_authn_default.so into server: Cannot open "/usr/pbi/proxy_mod_security-i386/libexec/apache24/mod_authn_default.so"
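
Added example, not part of the original posts: a Python check that lists every active LoadModule line whose shared object is missing under the server root, so all missing modules show up in one pass instead of one per failed start. The function names and the temporary directory layout are assumptions made for the demonstration.

```python
import os
import re
import tempfile

# Matches an active (uncommented) "LoadModule <name> <path>" directive.
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.IGNORECASE)


def missing_modules(conf_text, server_root):
    """Return [(line_no, module_name, resolved_path)] for LoadModule
    directives whose shared object does not exist on disk."""
    missing = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LOADMODULE.match(line)
        if not m:
            continue  # comments, blank lines, other directives
        name, path = m.group(1), m.group(2).strip('"')
        # Relative module paths are resolved against ServerRoot.
        full = path if os.path.isabs(path) else os.path.join(server_root, path)
        if not os.path.isfile(full):
            missing.append((no, name, full))
    return missing


def demo():
    # Constructed sample: a fake server root that holds a single module file.
    root = tempfile.mkdtemp()
    moddir = os.path.join(root, "libexec", "apache24")
    os.makedirs(moddir)
    open(os.path.join(moddir, "mod_authn_core.so"), "w").close()
    conf = (
        "LoadModule authn_core_module libexec/apache24/mod_authn_core.so\n"
        "LoadModule authn_default_module libexec/apache24/mod_authn_default.so\n"
        "#LoadModule cgi_module libexec/apache24/mod_cgi.so\n"
    )
    return missing_modules(conf, root)


if __name__ == "__main__":
    for no, name, path in demo():
        print(f"line {no}: {name} -> {path} not found")
```

To use it on a real box, pass the text of httpd.conf and the server root that the relative `libexec/...` paths resolve against.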



  • Also stumbled upon this right now.

    I replaced the module list and have a clanky half-working setup, but now I can't run the load balancer functionality because of SHM related issues.

    [Fri Jun 06 19:32:29.042109 2014] [auth_digest:notice] [pid 21042:tid 677384512] AH01757: generating secret for digest authentication …
    [Fri Jun 06 19:32:30.011806 2014] [core:emerg] [pid 21042:tid 677384512] (17)File exists: AH00023: Couldn't create the proxy-balancer-shm mutex (file /var/run/proxy-balancer-shm-p70331f00_myhost.21042)
    [Fri Jun 06 19:32:30.011850 2014] [proxy_balancer:emerg] [pid 21042:tid 677384512] (17)File exists: AH01180: mutex creation of proxy-balancer-shm : p70331f00_myhost failed
    [Fri Jun 06 19:32:30.011856 2014] [:emerg] [pid 21042:tid 677384512] AH00020: Configuration Failed, exiting

    My list of modules in apache.template:

    LoadModule authn_file_module libexec/apache24/mod_authn_file.so
    LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
    LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
    LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
    #LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
    LoadModule authn_core_module libexec/apache24/mod_authn_core.so
    LoadModule authz_host_module libexec/apache24/mod_authz_host.so
    LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
    LoadModule authz_user_module libexec/apache24/mod_authz_user.so
    LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
    LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
    LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
    LoadModule authz_core_module libexec/apache24/mod_authz_core.so
    LoadModule access_compat_module libexec/apache24/mod_access_compat.so
    LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
    LoadModule auth_form_module libexec/apache24/mod_auth_form.so
    LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
    #LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
    LoadModule file_cache_module libexec/apache24/mod_file_cache.so
    LoadModule cache_module libexec/apache24/mod_cache.so
    #LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
    #LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
    #LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
    #LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
    LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
    #LoadModule macro_module libexec/apache24/mod_macro.so
    #LoadModule dbd_module libexec/apache24/mod_dbd.so
    LoadModule dumpio_module libexec/apache24/mod_dumpio.so
    LoadModule buffer_module libexec/apache24/mod_buffer.so
    LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
    LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
    LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
    LoadModule request_module libexec/apache24/mod_request.so
    LoadModule include_module libexec/apache24/mod_include.so
    LoadModule filter_module libexec/apache24/mod_filter.so
    #LoadModule substitute_module libexec/apache24/mod_substitute.so
    #LoadModule sed_module libexec/apache24/mod_sed.so
    LoadModule deflate_module libexec/apache24/mod_deflate.so
    LoadModule mime_module libexec/apache24/mod_mime.so
    LoadModule log_config_module libexec/apache24/mod_log_config.so
    LoadModule log_debug_module libexec/apache24/mod_log_debug.so
    LoadModule logio_module libexec/apache24/mod_logio.so
    LoadModule env_module libexec/apache24/mod_env.so
    LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
    LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
    LoadModule expires_module libexec/apache24/mod_expires.so
    LoadModule headers_module libexec/apache24/mod_headers.so
    LoadModule unique_id_module libexec/apache24/mod_unique_id.so
    LoadModule setenvif_module libexec/apache24/mod_setenvif.so
    LoadModule version_module libexec/apache24/mod_version.so
    LoadModule remoteip_module libexec/apache24/mod_remoteip.so
    LoadModule proxy_module libexec/apache24/mod_proxy.so
    LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
    LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
    LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
    #LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
    #LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
    #LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
    LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
    LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
    #LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
    LoadModule session_module libexec/apache24/mod_session.so
    LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
    LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
    LoadModule ssl_module libexec/apache24/mod_ssl.so
    LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
    LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
    LoadModule unixd_module libexec/apache24/mod_unixd.so
    LoadModule status_module libexec/apache24/mod_status.so
    LoadModule autoindex_module libexec/apache24/mod_autoindex.so
    LoadModule asis_module libexec/apache24/mod_asis.so
    #LoadModule cgi_module libexec/apache24/mod_cgi.so
    #LoadModule cgid_module libexec/apache24/mod_cgid.so
    #LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
    LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
    LoadModule negotiation_module libexec/apache24/mod_negotiation.so
    LoadModule dir_module libexec/apache24/mod_dir.so
    LoadModule imagemap_module libexec/apache24/mod_imagemap.so
    LoadModule actions_module libexec/apache24/mod_actions.so
    LoadModule speling_module libexec/apache24/mod_speling.so
    LoadModule userdir_module libexec/apache24/mod_userdir.so
    LoadModule alias_module libexec/apache24/mod_alias.so
    LoadModule rewrite_module libexec/apache24/mod_rewrite.so
    LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so



  • http://apache-http-server.18135.x6.nabble.com/httpd-2-4-2-Bug-in-mod-slotmem-shm-mod-proxy-balancer-td4998116.html

    This gave me the answer.
    You can't define a <Proxy balancer://> globally for it to be used in a <VirtualHost> anymore.

    Right now the package creates a balancer.conf and a virtualhosts.conf which contain separate definitions.
    I could get things running smoothly by combining everything in virtualhosts.conf in the following way:

    <VirtualHost a.b.c.d:443>
      <Proxy balancer://mysite>
        BalancerMember https://…:443
      </Proxy>
      # The Location path did not survive extraction; "/" is assumed here.
      <Location />
        ProxyPass        balancer://mysite
        ProxyPassReverse balancer://mysite
      </Location>
    </VirtualHost>
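
Added example, not part of the original post or the package: a Python check for the pattern described above, where a balancer is defined globally (or in another virtual host) but referenced by ProxyPass/ProxyPassReverse inside a `<VirtualHost>`. The function name, the sample configuration and its documentation-range addresses are constructed for illustration; the input is assumed to be the text of balancer.conf and virtualhosts.conf concatenated.

```python
import re

OPEN_VHOST = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
CLOSE_VHOST = re.compile(r"^\s*</VirtualHost>", re.I)
PROXY_DEF = re.compile(r'^\s*<Proxy\s+"?balancer://([^/>"\s]+)', re.I)
PROXY_USE = re.compile(r'^\s*ProxyPass(?:Reverse)?\s+.*?balancer://([^/\s"]+)', re.I)

# Constructed sample: "mysite" is defined globally, "other" inside its vhost.
SAMPLE = """\
<Proxy balancer://mysite>
    BalancerMember https://198.51.100.5:443
</Proxy>
<VirtualHost 192.0.2.10:443>
    <Location />
        ProxyPass        balancer://mysite
        ProxyPassReverse balancer://mysite
    </Location>
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    <Proxy balancer://other>
        BalancerMember https://198.51.100.6:443
    </Proxy>
    ProxyPass / balancer://other/
</VirtualHost>
"""


def balancer_scope_issues(conf_text):
    """Return [(line_no, vhost_addr, balancer)] for balancer references
    inside a VirtualHost that does not define that balancer itself."""
    defined = {}   # balancer name -> set of scope ids (None = global scope)
    used = []      # (line_no, vhost_addr, scope_id, balancer name)
    scope, addr = None, None
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = OPEN_VHOST.match(line)
        if m:
            # The opening line number identifies this vhost block uniquely.
            scope, addr = no, m.group(1).strip()
        elif CLOSE_VHOST.match(line):
            scope, addr = None, None
        elif (m := PROXY_DEF.match(line)):
            defined.setdefault(m.group(1), set()).add(scope)
        elif (m := PROXY_USE.match(line)) and scope is not None:
            used.append((no, addr, scope, m.group(1)))
    return [(no, addr, name) for no, addr, scope, name in used
            if scope not in defined.get(name, set())]


if __name__ == "__main__":
    for no, addr, name in balancer_scope_issues(SAMPLE):
        print(f"line {no}: vhost {addr} uses balancer://{name} defined elsewhere")
```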



  • https://github.com/darksoul42/pfsense-packages/commit/9a75a8eb8f35ee3608a0989972026992b95bcf9e

    Whipped a quick and dirty fix (basically, affects apache.template and apache_mod_security.inc, you can grab these directly)
    XMLRPC Sync works too.



  • So mod_security-dev 2.4.9 v4 is what is listed in the packages. Is this an updated fix?

    I am working on using mod_security specifically to redirect to my webserver based on domain names for different websites.

    Thanks,
    Deawar



  • 2.4.9_2 pkg v0.42 would be what you want, as it integrates my fixes. (It hasn't been thoroughly tested on the mod_security side, though… :/)