Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Control draining mode for load balancer via script, |
|
Author |
|
dfluess
Joined: 16 May 2024 Posts: 1 Location: Deutschland, Rostock
|
Posted: Thu 16 May '24 16:59 Post subject: Control draining mode for load balancer via script, |
|
|
Hello Steffen,
I'm in the operations team and am currently developing an interface to control the Apache load balancer via PS. For example, the “draining mode” should be switched on or off for individual members using a script.
Since I couldn't find anything on the Internet as to why Apache always logs "ignoring params in balancer-manager cross-site access (null): localhost" when executing a script, I would like to turn to this forum. I have a simple script that I would like to use to implement this. The script is executed on the same server where the balancer manager is running.
Code: |
$BalancerManagerUrl = "http://localhost/balancer-manager"
$BalancerName = "valuemation1"
# Definiere die Aktionen, die ausgeführt werden sollen
$DrainWorkerUrl = "${BalancerManagerUrl}?b=${BalancerName}&dw=Enable"
$DrainSessionUrl = "${BalancerManagerUrl}?b=${BalancerName}&bs=Enable&w_status_D=1"
# Sende die Anfragen an den balancer-manager
Invoke-WebRequest -Uri $DrainWorkerUrl
Invoke-WebRequest -Uri $DrainSessionUrl
|
Since I don't know the exact switches and parameters, I tried different things. But I can't even get that far. And here is the relevant excerpt from httpd.conf.
Code: |
Define SRVROOT "c:\Apache24"
ServerRoot "${SRVROOT}"
Listen 80
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule status_module modules/mod_status.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin admin@example.com
ServerName localhost:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "${SRVROOT}/htdocs"
<Directory "${SRVROOT}/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Options None
AllowOverride All
Require valid-user
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error.log"
LogLevel debug
<IfModule alias_module>
ScriptAlias /cgi-bin/ "${SRVROOT}/cgi-bin/"
</IfModule>
<Directory "${SRVROOT}/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
AcceptFilter http none
AcceptFilter https none
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-autoindex.conf
#Include conf/extra/httpd-info.conf
DefaultLanguage de
AddDefaultCharset ISO-8859-1
RemoteIPHeader X-Forwarded-For
## Beispiel:
# https://sirmark.de/computer/konfiguration-eines-apache-load-balancer-1125.html
ProxyRequests Off
ProxyPreserveHost Off
KeepAlive On
KeepAliveTimeout 60
<Proxy *>
setenv proxy-initial-not-pooled 1
setenv proxy-nokeepalive 0
setenv force-proxy-request-1.0 0
Deny from all
Allow from 127.0.0.1
Allow from all
</Proxy>
proxyPass / balancer://valuemation1/ stickysession=JSESSIONID|jsessionid nofailover=On scolonpathdelim=On
ProxyPassReverse / balancer://valuemation1/ nofailover=On
<Proxy balancer://valuemation1>
BalancerMember ajp://localhost:8009 route=Valuemation_TEST_01 secret=xxxxxx. ttl=60
ProxySet lbmethod=byrequests
#ProxySet lbmethod=bytraffic
ProxySet forcerecovery=On
</Proxy>
<VirtualHost *:80>
ServerName localhost
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
Header set Access-Control-Allow-Credentials "true"
ProxyPass /balancer-manager !
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
<Location "/balancer-manager">
SetHandler balancer-manager
Require all granted
# Require local
Require host localhost
</Location>
|
Mode note: added code tags |
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Thu 16 May '24 22:55 Post subject: |
|
|
Regarding your error messages "ignoring params in balancer-manager cross-site access (null): localhost".
If you look at the source code for mod_proxy_balancer.c, you'll see this occurs when the referer header in your web request fails to match the host of the request. It's a basic XSRF check, on the basis the requesting host should already be approved to access the balancer manager.
However, beyond setting up a request header with the appropriate 'Referer' for your Invoke-WebRequest, I believe your Powershell script is going to need some further enhancements, not least of which is interactive changes to the balancer manager state are made through POST requests.
What I suggest you do is use a Developer Tools window on a browser, connected to your balancer manager, and look at the appropriate GET query string requests and POST parameters when making changes. You'll then need to match these with revised Invoke-WebRequest operations.
One other problem you'll face is that any changes will also need the correct server supplied NONCE passing in query strings (to prevent CSRF attacks). You'll be able to extract that from the hrefs returned in the initial balancer manager response.
You should be able to work out various balancer manager command switches and parameters by looking at the balancer_process_balancer_worker() function.
Hope this helps. |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
|
Back to top |
|
|
|
|
|
|