https://bz.apache.org/bugzilla/show_bug.cgi?id=65737
--- Comment #3 from Andrii Ustymenko <ustymenko.andrew@gmail.com> ---
Hi all,
Have the same issue in 2.4.55. Apparently the code mentioned earlier
:~$ vim mod_proxy_balancer.c
[...]
/* Ignore parameters if this looks like XSRF */
ref = apr_table_get(r->headers_in, "Referer");
if (apr_table_elts(params)
&& (!ref || !safe_referer(r, ref))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10187)
"ignoring params in balancer-manager cross-site access");
apr_table_clear(params);
}
[...]
is checking for the Referer header in the request. The correct Referer can be
taken from DevTools when accessing balancer-manager page in the browser and
clicking on the corresponding backend.
Adding that to the request will fix the issue.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
--- Comment #3 from Andrii Ustymenko <ustymenko.andrew@gmail.com> ---
Hi all,
Have the same issue in 2.4.55. Apparently the code mentioned earlier
:~$ vim mod_proxy_balancer.c
[...]
/* Ignore parameters if this looks like XSRF */
ref = apr_table_get(r->headers_in, "Referer");
if (apr_table_elts(params)
&& (!ref || !safe_referer(r, ref))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10187)
"ignoring params in balancer-manager cross-site access");
apr_table_clear(params);
}
[...]
is checking for the Referer header in the request. The correct Referer can be
taken from DevTools when accessing balancer-manager page in the browser and
clicking on the corresponding backend.
Adding that to the request will fix the issue.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org