Sudden and sporadic errors from mod_proxy

Dennis Thrysøe

5/31/23, 7:32 AM

[Edit, addition]: Looks like this could be caused by an attack attempt. But not sure how it can be avoided? https://www.mail-archive.com/[email protected]/msg57219.html

I have an Ubuntu server with apache2. mod_proxy is forwarding requests to a java web server on a local port

ProxyPass / http://localhost:9003/ retry=0

Yesterday I suddenly started seeing errors. Sometimes there seems to be an error from the perspective of apache mod_proxy. The default "error" page is shown instead of the data from the backend server. Apache error log:

[Mon Jan 31 08:16:09.800927 2022] [proxy:error] [pid 1061:tid 140673390929664] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/apache2/ (localhost) failed
[Mon Jan 31 08:16:09.801876 2022] [proxy:error] [pid 1061:tid 140673390929664] AH00959: ap_proxy_connect_backend disabling worker for (localhost) for 0s

This started suddenly, with no known changes or updates on the machine. It is shifting all the time. Working for some time, then not working for some time etc., with seemingly no pattern.

There is no load on the machine, and no errors or noteworthy output from the java server at all.

Any ideas?

416

0 + 0

mod-proxy

apache2

Sir McPotato

5/31/23, 3:25 PM

Having the same strange symptoms than you in our production servers, without any changes too. Not to much informative, but let you know that - imho - you're not isolated

rogiller

5/31/23, 4:58 PM

We were seeing this today as well on some of our production servers... an Apache restart cleared it up at least for the time being... we are continuing to monitor our servers.

Kunal

5/31/23, 11:08 PM

We are seeing this issue too. FYI, for us, Apache is fronting a Tomcat container

rogiller

6/1/23, 12:53 PM

Found https://www.traccar.org/forums/topic/server-error/ this morning... the one commenter there seems to think it's an Apache exploit and links to https://www.rapid7.com/blog/post/2021/11/30/active-exploitation-of-apache-http-server-cve-2021-40438/

Sir McPotato

6/2/23, 9:32 AM

@rogiller I think this is indeed related, thanks! Time to plan updates

gmanjon

6/6/23, 8:45 PM

In that same rapid7 page says that is advisable to upgrade to 2.4.51 (time of writting) due to other vulnerabilities found in 2.4.49 ans 2.4.50. Just for everyone to know. I just upgraded my production server to 2.4.52. Thank you everyone.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Sudden and sporadic errors from mod_proxy

TH: ข้อผิดพลาดอย่างกะทันหันและเป็นระยะๆ จาก mod_proxy

RO: Erori bruște și sporadice de la mod_proxy

RU: Внезапные и спорадические ошибки от mod_proxy

VI: Lỗi đột ngột và lẻ tẻ từ mod_proxy

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.