Reporter Michael Rhyner (mikerhyner) Created Nov 26, 2019 11:45:50 AM Updated Nov 26, 2019 11:45:50 AM Priority Normal Type Bug State Submitted Assignee Laurent Declercq (nuxwin) Subsystem No subsystem Affected versions 1.5.1 Milestone 1.6.0 Severity No severity
If a customer configures URL Forwarding using Proxy Method and activated "Preserve Host" with a target URL pointing to the same, local server by mistake, there will occur infinite forwarding / proxy loop, resulting in Apache ressources exhaustion (reaching MaxRequestWorkers limit). Probably because the timeout within the "ProxyPassMatch" directive is set very high (7200), the websites on the server will be down for a long time (probably for the next 2 hours).
Steps to reproduce:
1. Go to Domains, click on Edit
2. Turn on URL Forwarding
3. Enter an address that points to same, local host
4. Beneath Forward Type select [PROXY] and [Preserve Host]
5. Click on [Update]
6. Next time the "origin" domain, where the forwarding is configured on, will be called from a user's browser (or a search bot), the server will lock up/"hang" because of infinite proxy loop. This can only be stopped by either turning off redirection for the domain (if the panel can be still reached over nginx port 8443), or in worst case, a restart of apache2 has to be done for websites on the server get reachable again.
Proposal to solve that issue:
- add directive "ProxyMaxForwards 15" above "# SECTION proxy_fwd END." within template file "domain.tpl" located within /etc/imscp/apache/parts/. Then request will then be stopped after reaching 15 proxy iterations (in case a customer has misconfigured forwarding, and it should be enough even if there are other proxies involved along the path to final host in case of proper usage).