Newly added virtual server hijacks all requests

5 posts / 0 new
Last post
#1 Fri, 12/07/2018 - 10:28
bpfh

Newly added virtual server hijacks all requests

Hello folks,

After upgrading to Webmin 1.900 and VirtualMin 6.05 on Debian 9, I noticed that adding a new virtual host starts hijacking traffic to other virtual hosts. With the help from https://www.virtualmin.com/documentation/web/troubleshooting#the_wrong_s..., I managed to pinpoint the problem into the newly created configurations in /etc/apache2/sites-enabled/*.conf.

All old configurations have the non-SSL VirtualHost entries defined as VirtualHost *:80, and the SSL entries as VirtualHost ip-address:443. The newly added host was assigned the format VirtualHost ip-address:port for both SSL and non-SSL. This caused the requests to be mishandled. After editing the configuration manually to the same *:80 format as the old ones, the problem was solved.

Has something changed in the way the entries are generated? Which format is correct?

Thanks!

Thu, 12/13/2018 - 03:21
MattWilcox

Thank f*** you found a solution to this. What a catastrophic bug this has been for us! Nice work, hopefully a fix will be in place soon.

Thu, 12/13/2018 - 10:36
aeg1313

Haha MattWilcox, exactly my feeling.

I think a permanent solution would be (from the link in OP's post) to replace all *:80 declarations with [ip-address]:80 declarations, right? I'm going to take an hour tomorrow to snapshot a server and do an advanced find-and-replace on all apache config files and deploy this 'fix'. If everything works out, I'll place a terminal one-liner find-and-replace which you should be able to apply to your servers too. (At least, we use one IP address so it won't work for you if you use multiple on one server).

Thu, 12/13/2018 - 12:44
acasto

I just had to deal with this myself. It appears to be a change in how Virtualmin decides which syntax to use. Per the Apache documentation here (https://httpd.apache.org/docs/2.4/vhosts/examples.html#mixed) it sounds like if there is only one IP:PORT statement it will treat it as though it is supposed to be the sole VirtualHost on that IP:PORT combo. The solution is just to make sure there's at least another site with the same syntax. Then it will revert back to proper name based hosting.

Changing everything to *:port will cause the issue to crop again the next time the configs are regenerated. Changing everything to IP:PORT should work. Or just change it to IP:PORT on a few and that should also work.

Mon, 12/24/2018 - 20:33
sfbob

I question the phrase "Newly added" in the subject line as I haven't added a virtual host in quite a while.

However no question about the cause and fix. Many thanks for the research and solution.

Topic locked