Closed Grisu86 closed 1 week ago
what exactly do you do when you "When we try to login"
I just open the https://[hostname]/thruk/
the Screenshot shows the developer console in firefox to see, what is happended with the connections to the server
Same thing was happening to me today, it's working fine with apache 2.4.61 but it's broken on 2.4.62, the login site just keeps refreshing and &nocookie keeps being appended to the url. I managed to fix this by adding UNC flag to RewriteRules in /usr/share/thruk/thruk_cookie_auth.include, like this:
RewriteRule ^/(.*)$ /%1/%{REMOTE_ADDR}~~%{HTTP:Authorization}~~%{HTTP:X-Thruk-Auth-Key}~~%{HTTP:X-Thruk-Auth-User}/____/$1/____/%{QUERY_STRING} [C,NS,UnsafeAllow3F,UNC]
RewriteRule ^(.*)$ ${thruk_users:$1|/loginbad/} [C,NS,UnsafeAllow3F,UNC]
RewriteRule ^/pass/(.*)$ /$1 [NS,PT,L,E=!REMOTE_USER,UnsafeAllow3F,UNC]
RewriteRule ^/redirect/(.*)$ /$1 [NS,L,R=302,UnsafeAllow3F,UNC]
RewriteRule ^/loginok/([^/]+)/(.*)$ /$2 [NS,PT,L,E=REMOTE_USER:$1,UnsafeAllow3F,UNC]
it's working fine with apache 2.4.61 but it's broken on 2.4.62
thanks for the hint, this makes it way easier... i can reproduce it on demo.thruk.org which uses that exact apache version already.
This seems to be the commit that broke it: https://github.com/apache/httpd/commit/9967bf49599f9be6eaaf9c5de5c84f15bb07df9f and this yet to be backported one is supposed to fix it I think https://github.com/apache/httpd/pull/473 I got to the UNC flag through this post on the mailing list https://www.mail-archive.com/dev@httpd.apache.org/msg78160.html
I added a workaround here: https://github.com/sni/Thruk/commit/45a2cde8cc2c5785475f2357df4c862c888a19cd The idea is to always have some text between the slashes, so Apache does not remove them. I assume this UNC flag is probably not available in all Apache versions, so i was looking for a different fix.
When we try to login, we get the following Screenshot in Firefox. I have tested the last stable and nightly version, on both the same.
When we was logged in, then there was no problem.