sni / Thruk

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API.
http://www.thruk.org

Login Problems after Apache Update (?) #1392

Closed Grisu86 closed 1 week ago

Grisu86 commented 2 weeks ago

When we try to log in, we get the following screenshot in Firefox. I have tested the last stable and nightly versions; both behave the same. [image: grafik]

When we were logged in, there was no problem.

sni commented 2 weeks ago

What exactly do you do when you say "When we try to login"?

Grisu86 commented 2 weeks ago

I just open https://[hostname]/thruk/

Grisu86 commented 2 weeks ago

The screenshot shows the developer console in Firefox, to see what happened with the connections to the server.

thesnallygaster commented 2 weeks ago

The same thing was happening to me today. It's working fine with Apache 2.4.61 but it's broken on 2.4.62: the login site just keeps refreshing and &nocookie keeps being appended to the URL. I managed to fix this by adding the UNC flag to the RewriteRules in /usr/share/thruk/thruk_cookie_auth.include, like this:

```apache
RewriteRule ^/(.*)$                  /%1/%{REMOTE_ADDR}~~%{HTTP:Authorization}~~%{HTTP:X-Thruk-Auth-Key}~~%{HTTP:X-Thruk-Auth-User}/____/$1/____/%{QUERY_STRING} [C,NS,UnsafeAllow3F,UNC]
RewriteRule ^(.*)$                   ${thruk_users:$1|/loginbad/} [C,NS,UnsafeAllow3F,UNC]
RewriteRule ^/pass/(.*)$             /$1 [NS,PT,L,E=!REMOTE_USER,UnsafeAllow3F,UNC]
RewriteRule ^/redirect/(.*)$         /$1 [NS,L,R=302,UnsafeAllow3F,UNC]
RewriteRule ^/loginok/([^/]+)/(.*)$  /$2 [NS,PT,L,E=REMOTE_USER:$1,UnsafeAllow3F,UNC]
```

sni commented 2 weeks ago

> it's working fine with apache 2.4.61 but it's broken on 2.4.62

Thanks for the hint, this makes it way easier... I can reproduce it on demo.thruk.org, which already uses that exact Apache version.

thesnallygaster commented 2 weeks ago

This seems to be the commit that broke it: https://github.com/apache/httpd/commit/9967bf49599f9be6eaaf9c5de5c84f15bb07df9f, and this yet-to-be-backported one is supposed to fix it, I think: https://github.com/apache/httpd/pull/473. I got to the UNC flag through this post on the mailing list: https://www.mail-archive.com/dev@httpd.apache.org/msg78160.html

sni commented 2 weeks ago

I added a workaround here: https://github.com/sni/Thruk/commit/45a2cde8cc2c5785475f2357df4c862c888a19cd. The idea is to always have some text between the slashes, so Apache does not remove them. I assume this UNC flag is probably not available in all Apache versions, so I was looking for a different fix.
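
The slash-removal problem discussed in this thread, as an added Python sketch that is neither Thruk's nor Apache's code: the internal path layout follows the first RewriteRule quoted above, while the slash-merging model (any run of slashes collapses to one), the empty first field for a visitor without a cookie, and the `-` placeholder are assumptions made for illustration.

```python
import re

MARK = "/____/"  # field separator taken from the RewriteRule quoted in the thread


def encode(cookie, addr, path, query, placeholder=""):
    """Lay out the internal path like the first RewriteRule:
    /<cookie>/<addr>~~<auth>~~<key>~~<user>/____/<path>/____/<query>
    The three header fields are left empty (constructed sample request)."""
    first = cookie or placeholder
    return f"/{first}/{addr}~~~~~~{MARK}{path}{MARK}{query}"


def merge_slashes(internal):
    """Assumed, simplified model of the server removing repeated slashes."""
    return re.sub(r"/{2,}", "/", internal)


def decode(internal):
    """Positional decode, standing in for the lookup done by the next rule.
    Returns None when the field layout no longer matches."""
    parts = internal.split(MARK)
    if len(parts) != 3:
        return None
    head, path, query = parts
    fields = head.split("/")  # expected: "", cookie, client fields
    if len(fields) != 3:
        return None
    _, cookie, client = fields
    return {"cookie": cookie, "addr": client.split("~~")[0],
            "path": path, "query": query}


def roundtrip(cookie, addr, path, query, placeholder="", merge=True):
    """Encode a request, optionally merge slashes, then decode it again."""
    internal = encode(cookie, addr, path, query, placeholder)
    if merge:
        internal = merge_slashes(internal)
    return decode(internal)


if __name__ == "__main__":
    # Constructed sample: first visit without a session cookie.
    req = ("", "192.0.2.10", "thruk/cgi-bin/tac.cgi", "")
    print("slashes kept:    ", roundtrip(*req, merge=False))
    print("slashes merged:  ", roundtrip(*req, merge=True))
    print("with placeholder:", roundtrip(*req, placeholder="-", merge=True))
```

With the empty field the merged path loses one positional slot and the decode fails, whereas the placeholder variant survives merging unchanged.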