You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Marc Powell <ma...@ena.com> on 2005/08/06 00:12:53 UTC
[users@httpd] Environment Variable contamination between vhosts - 1.3.33
Hi all,
First time poster here so I apologize in advance for any gaffs. I've
Googled, searched the archives and the FAQ but can't find anything close
to what I'm experiencing.
I have apache-1.3.33, mod_ssl-2.8.22 (with patches), php-4.3.2 (with
patches), mod_perl-1.29-5 (with patches) running with the following
additional modules --
mod_jk.c, mod_ssl.c, mod_php4.c, mod_perl.c, mod_setenvif.c, mod_so.c,
mod_unique_id.c, mod_headers.c, mod_expires.c, mod_auth_db.c,
mod_auth_anon.c, mod_auth.c, mod_access.c, mod_rewrite.c, mod_alias.c,
mod_userdir.c, mod_actions.c, mod_imap.c, mod_asis.c, mod_cgi.c,
mod_dir.c, mod_autoindex.c, mod_include.c, mod_info.c, mod_status.c,
mod_negotiation.c, mod_mime.c, mod_log_referer.c, mod_log_agent.c,
mod_log_config.c, mod_env.c, mod_vhost_alias.c, http_core.c
This server is handling a half dozen HTTP/HTTPS vhost pairs. Each vhost
is running on a separate IP ala --
Listen 1.1.1.1:80
Listen 1.1.1.1:443
<VirtualHost 1.1.1.1:80>
...
</VirtualHost>
<VirtualHost 1.1.1.1:443>
...
</VirtualHost>
Listen 1.1.1.2:80
Listen 1.1.1.2:443
<VirtualHost 1.1.1.2:80>
...
</VirtualHost>
<VirtualHost 1.1.1.2:443>
...
</VirtualHost>
And so forth... We discovered a problem where the HTTPS environment
variable was incorrectly being set to ON for normal HTTP requests for
one of our vhosts running SquirrelMail. Further investigation revealed
that a number of environment variables were being cross-contaminated
between virtual hosts. For example, running phpinfo() under VirtualHost
1.1.1.1 would yield the following on one request (with no contamination)
--
_SERVER["REMOTE_ADDR"] 172.27.a.a
_SERVER["REMOTE_PORT"] 3477
_SERVER["SCRIPT_FILENAME"] /path/to/phpinfo.php
_SERVER["SERVER_ADDR"] 1.1.1.1
_SERVER["SERVER_ADMIN"] noc@ena.com
_SERVER["SERVER_NAME"] my.vhost1.foo
_SERVER["SERVER_PORT"] 80
_SERVER["SERVER_SIGNATURE"] no value
_SERVER["SERVER_SOFTWARE"] Apache
_SERVER["UNIQUE_ID"] QvPfa38AAAEAAEgoDnc
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["REQUEST_METHOD"] GET
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["PATH_TRANSLATED"] /path/to/phpinfo.php
_SERVER["PHP_SELF"] /phpinfo.php
And a few _ENV[] variables set such as HOSTNAME, etc... A refresh
however might return the following additions --
_SERVER["REMOTE_ADDR"] 172.27.a.a
_SERVER["REMOTE_PORT"] 2901
_SERVER["SCRIPT_FILENAME"] /path/to/phpinfo.php
_SERVER["SERVER_ADDR"] 1.1.1.1
_SERVER["SERVER_ADMIN"] noc@ena.com
_SERVER["SERVER_NAME"] my.vhost1.foo
_SERVER["SERVER_PORT"] 80
_ENV["HTTPS"] on
_ENV["REMOTE_ADDR"] 66.5.b.b
_ENV["REMOTE_PORT"] 4947
_ENV["SCRIPT_FILENAME"] /path/to/some/other/site/login
_ENV["SERVER_ADDR"] 1.1.1.2
_ENV["SERVER_ADMIN"] noc@ena.com
_ENV["SERVER_NAME"] my.vhost2.foo
_ENV["SERVER_PORT"] 443
_ENV["SERVER_SIGNATURE"] no value
_ENV["SERVER_SOFTWARE"] Apache
_ENV["ssl-unclean-shutdown"] 1
_ENV["UNIQUE_ID"] QvPfr38AAAEAAEgqEyQ
_ENV["GATEWAY_INTERFACE"] CGI-Perl/1.1
_ENV["SERVER_PROTOCOL"] HTTP/1.1
_ENV["REQUEST_METHOD"] POST
_ENV["QUERY_STRING"] no value
_ENV["REQUEST_URI"] /login
_ENV["SCRIPT_NAME"] /login
Essentially, I am seeing the environment variables (at the least) for
someone else's request to a completely different vhost on a completely
different Listen IP. Has anyone seen this before? Any direction where to
look? I've tried disabling mod_env just to see if that was it but it had
no effect. I can't easily disable mod_perl or mod_php for testing
purposes as this is a production machine. I actually have two machines
that are experiencing this. Both are identical. I've been searching for
a couple of days now but I apparently can't hit on the right combination
of terms ;) In 8 years of using Apache this is the first time I've seen
anything like this. I'm not convinced this is an apache _daemon_ issue
so feel free to direct me somewhere else more appropriate (i.e.
mod_perl, etc).
Any hints or guidance would really be appreciated.
Thanks.
--
Marc Powell
Senior Systems Engineer
ENA/ConnecTEN
marc@ena.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Environment Variable contamination between vhosts - 1.3.33
Posted by Joshua Slive <js...@gmail.com>.
On 8/5/05, Marc Powell <ma...@ena.com> wrote:
> And so forth... We discovered a problem where the HTTPS environment
> variable was incorrectly being set to ON for normal HTTP requests for
> one of our vhosts running SquirrelMail. Further investigation revealed
> that a number of environment variables were being cross-contaminated
> between virtual hosts. For example, running phpinfo() under VirtualHost
> 1.1.1.1 would yield the following on one request (with no contamination)
The first thing to do is to repeat this test with a standard CGI
script that dumps the environment (one is included with apache httpd).
This will help you figure out if it is a php problem or a general
apache problem.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org