Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 878833 - net-misc/apt-cacher-ng-3.7.4_p1-r1: sending invalid headers to 'DontCache' local web-server.
Summary: net-misc/apt-cacher-ng-3.7.4_p1-r1: sending invalid headers to 'DontCache' lo...
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: John Helmert III
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-30 17:50 UTC by Bill Prendergast
Modified: 2022-11-01 16:38 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bill Prendergast 2022-10-30 17:50:15 UTC
net-misc/apt-cacher-ng is being used for a local distfiles mirror. The previous version worked as expected (3.6.3_p1-r2)

- A local system (rsync.localdomain) has its distfiles/ available via apache (Alias & directory acls)
- apt-cacher-ng also runs on this machine and will download files not in rsync.localdomain's distfiles/
- External scripts move apt-cache-ng cached gentoo/distfiles/ into rsync.localdomain's distfiles/
- Client systems have in make.conf
http_proxy="http://rsync.localdomain:3142"
 and in mirrors
local http://rsync.localdomain/gentoo

version 3.7.4_p1-r1 is sending a Host: header that apache is not processing:
"Host: rsync.localdomain, rsync.localdomain"
apache responds with ERROR 400: Bad Request.

Reproducible: Always

Steps to Reproduce:
1. File "/etc/apache2/modules.d/00_mod_log_config.conf" has the following log
configuration so as to include the client sent Host: header
<IfModule log_config_module>
#=== trimmed
## combined with Host header
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" HOST=%{Host}i" chost
#=== trimmed 
</IfModule>

2. Two apache vhosts (default_vhost:www and vhost:rsync) have CustomLog set with
   chost (see above)
www:
 CustomLog /var/log/apache2/www/chost_log chost
rsync:
 CustomLog /var/log/apache2/rsync/chost_log chost
 
3. apt-cacher-ng has a custom gentoo remap (my ISP has a local mirror that is not
  in gentoo's mirrors list, neither in the package nor on Gentoo's mirrors page)
Remap-gentoo: file:gentoo_mirrors_au.gz /gentoo
## ISP rejects the default apt-cacher-ng agent string
UserAgent: Wget/1.20.3 (linux-gnu)
DontCache: rsync.localdomain nstor.localdomain www.localdomain /distfiles/layout\.conf


Actual Results:  
net-misc/apt-cacher-ng-3.7.4_p1-r1: apache hands off to default vhost,
/var/log/apache2/www/chost_log:
10.144.1.11 - - [31/Oct/2022:03:37:38 +1100] "GET /gentoo/distfiles/mumble-1.4.287.tar.gz HTTP/1.1" 400 294 "-" "Wget/1.20.3 (linux-gnu), Wget/1.21.3" HOST=rsync.localdomain, rsync.localdomain

Expected Results:  
net-misc/apt-cacher-ng-3.6.3_p1-r2: apache hands off to rsync vhost,
/var/log/apache2/rsync/chost_log:
10.144.1.11 - - [31/Oct/2022:03:41:36 +1100] "GET /gentoo/distfiles/mumble-1.4.287.tar.gz HTTP/1.1" 200 9457292 "-" "Wget/1.20.3 (linux-gnu)" HOST=rsync.localdomain

notice the referrer seems to have picked up the wget agent string from the portage client.
I suspect the invalid Host: header is also merged from the portage client. i.e. acng has appended the clients Host: to its request resulting in a double (comma separated) host.
Comment 1 Bill Prendergast 2022-10-30 18:05:44 UTC
Confirming that removing rsync.localdomain from DontCache sends the correct headers to the web-server

## apt-cacher-ng.conf
#DontCache: rsync.localdomain nstor.localdomain www.localdomain /distfiles/layout\.conf
DontCache: nstor.localdomain www.localdomain /distfiles/layout\.conf


net-misc/apt-cacher-ng-3.7.4_p1-r1
apache logs to rsync vhost /var/log/apache2/rsync/chost_log:
10.144.1.11 - - [31/Oct/2022:04:59:50 +1100] "GET /gentoo/distfiles/mumble-1.4.287.tar.gz HTTP/1.1" 200 9457292 "-" "Wget/1.20.3 (linux-gnu)" HOST=rsync.baisenvar.info


HOWEVER
this setup results in apt-cacher-ng essentially copying from /var/cache/distfiles to /var/cache/apt-cacher-ng/gentoo/distfiles

This is entirely unwanted.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 14:33:29 UTC
I don't quite follow what your Apache logs mean.

Maybe you could reproduce the issue via `curl -v`? `curl -H` will add arbitrary headers.
Comment 3 Bill Prendergast 2022-10-31 16:36:16 UTC
(In reply to John Helmert III from comment #2)
> I don't quite follow what your Apache logs mean.
> 
> Maybe you could reproduce the issue via `curl -v`? `curl -H` will add
> arbitrary headers.

The items of interest in the apache logs are the logged User-Agent (\"%{User-Agent}i\") and the logged host header (HOST=%{Host}i)

The format of the log line is based upon the Gentoo supplied "00_mod_log_config.conf" combined common & referrer & user-agent logtype (called combined). With the HOST=%{Host}i construct on the end of the line to include the Host: header the client sent.

Looking at the User-Agent: and Host: headers received and logged by apache (each received via apt-cacher-ng)

apt-cacher-ng-3.6.3_p1-r2:
 # correctly picked up by the rsync vhost
 User-Agent: "Wget/1.20.3 (linux-gnu)"
 Host: "rsync.localdomain"

apt-cacher-ng-3.7.4_p1-r1
 # fell through to default vhost
 User-Agent: "Wget/1.20.3 (linux-gnu), Wget/1.21.3"
 Host: "rsync.localdomain, rsync.localdomain"


Note 1, The client connecting to apt-cacher-ng was requesting proxy to rsync.localdomain and was using wget-1.21.3. (and the likely source of values after the comma).

Note 2, "Wget/1.20.3 (linux-gnu)" is set as apt-cacher-ng User-Agent


Once the rsync.localdomain is removed from the DontCache setting in apt-cacher-ng.conf:

apt-cacher-ng-3.7.4_p1-r1 (with rsync.localdomain removed from DontCache)
 # correctly picked up by rsync vhost
 User-Agent: "Wget/1.20.3 (linux-gnu)"
 Host: "rsync.localdomain"


This leads me to believe something happens with processing the proxy requests for DontCache.
(If this supposition is true, then it follows that proxying requests for upstream mirror's layout.conf should also similarly fail - but I did not capture and do have any console logs of the portage fetch pass to verify this).
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-01 16:10:46 UTC
I imagine this is an upstream bug rather than something I should handle in Gentoo.
Comment 5 Bill Prendergast 2022-11-01 16:28:51 UTC
(In reply to John Helmert III from comment #4)
> I imagine this is an upstream bug rather than something I should handle in
> Gentoo.

Yes, I agree. However I've no idea where 'upstream' bug reports go as the author's page points to pages under alioth.debian.org which has no A nor AAAA.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-01 16:38:38 UTC
Report to Debian's Gitlab, I guess: https://salsa.debian.org/blade/apt-cacher-ng/-/issues