logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Control draining mode for load balancer via script,
Author
dfluess



Joined: 16 May 2024
Posts: 1
Location: Deutschland, Rostock

PostPosted: Thu 16 May '24 16:59    Post subject: Control draining mode for load balancer via script, Reply with quote

Hello Steffen,

I'm in the operations team and am currently developing an interface to control the Apache load balancer via PS. For example, the “draining mode” should be switched on or off for individual members using a script.
Since I couldn't find anything on the Internet as to why Apache always logs "ignoring params in balancer-manager cross-site access (null): localhost" when executing a script, I would like to turn to this forum. I have a simple script that I would like to use to implement this. The script is executed on the same server where the balancer manager is running.

Code:

$BalancerManagerUrl = "http://localhost/balancer-manager"
$BalancerName = "valuemation1"

# Definiere die Aktionen, die ausgeführt werden sollen
$DrainWorkerUrl = "${BalancerManagerUrl}?b=${BalancerName}&dw=Enable"
$DrainSessionUrl = "${BalancerManagerUrl}?b=${BalancerName}&bs=Enable&w_status_D=1"

# Sende die Anfragen an den balancer-manager
Invoke-WebRequest -Uri $DrainWorkerUrl
Invoke-WebRequest -Uri $DrainSessionUrl


Since I don't know the exact switches and parameters, I tried different things. But I can't even get that far. And here is the relevant excerpt from httpd.conf.


Code:

Define SRVROOT "c:\Apache24"
ServerRoot "${SRVROOT}"

Listen 80

LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule auth_ntlm_module modules/mod_authn_ntlm.so             
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule status_module modules/mod_status.so
LoadModule ssl_module modules/mod_ssl.so

ServerAdmin admin@example.com
ServerName localhost:80

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "${SRVROOT}/htdocs"

<Directory "${SRVROOT}/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
   Options None
   AllowOverride All
   Require valid-user   
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html   
</IfModule>

<Files ".ht*">
    Require all denied   
</Files>

ErrorLog "logs/error.log"
LogLevel debug

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "${SRVROOT}/cgi-bin/"   
</IfModule>

<Directory "${SRVROOT}/cgi-bin">
    AllowOverride None
    Options None
    Require all granted   
</Directory>

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz   
</IfModule>

AcceptFilter http none
AcceptFilter https none                          

Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-autoindex.conf
#Include conf/extra/httpd-info.conf

DefaultLanguage de
AddDefaultCharset ISO-8859-1
RemoteIPHeader X-Forwarded-For

## Beispiel:
# https://sirmark.de/computer/konfiguration-eines-apache-load-balancer-1125.html

   ProxyRequests Off
   ProxyPreserveHost Off
   KeepAlive On
   KeepAliveTimeout 60     
   
   <Proxy *>
      setenv proxy-initial-not-pooled 1
      setenv proxy-nokeepalive 0
      setenv force-proxy-request-1.0 0

      Deny from all
      Allow from 127.0.0.1
      Allow from all
   </Proxy>
   
   proxyPass / balancer://valuemation1/ stickysession=JSESSIONID|jsessionid nofailover=On scolonpathdelim=On
   ProxyPassReverse / balancer://valuemation1/ nofailover=On
   
   <Proxy balancer://valuemation1>
      BalancerMember ajp://localhost:8009 route=Valuemation_TEST_01 secret=xxxxxx. ttl=60
      ProxySet lbmethod=byrequests
      #ProxySet lbmethod=bytraffic
      ProxySet forcerecovery=On
   </Proxy>   
 
  <VirtualHost *:80>
   ServerName localhost
   
   Header set Access-Control-Allow-Origin "*"
   Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
   Header set Access-Control-Allow-Headers "Content-Type, Authorization"
   Header set Access-Control-Allow-Credentials "true"
   
   ProxyPass /balancer-manager !
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
   
 </VirtualHost>    
 
 <Location "/balancer-manager">
    SetHandler balancer-manager
    Require all granted
 #   Require local
    Require host localhost

</Location>


Mode note: added code tags
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 320
Location: UK

PostPosted: Thu 16 May '24 22:55    Post subject: Reply with quote

Regarding your error messages "ignoring params in balancer-manager cross-site access (null): localhost".

If you look at the source code for mod_proxy_balancer.c, you'll see this occurs when the referer header in your web request fails to match the host of the request. It's a basic XSRF check, on the basis the requesting host should already be approved to access the balancer manager.

However, beyond setting up a request header with the appropriate 'Referer' for your Invoke-WebRequest, I believe your Powershell script is going to need some further enhancements, not least of which is interactive changes to the balancer manager state are made through POST requests.

What I suggest you do is use a Developer Tools window on a browser, connected to your balancer manager, and look at the appropriate GET query string requests and POST parameters when making changes. You'll then need to match these with revised Invoke-WebRequest operations.

One other problem you'll face is that any changes will also need the correct server supplied NONCE passing in query strings (to prevent CSRF attacks). You'll be able to extract that from the hrefs returned in the initial balancer manager response.

You should be able to work out various balancer manager command switches and parameters by looking at the balancer_process_balancer_worker() function.

Hope this helps.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7309
Location: Germany, Next to Hamburg

PostPosted: Fri 17 May '24 8:35    Post subject: Reply with quote

I've never done it myself via a script, but I found this script https://gist.github.com/SeonghoonKim/5385982
Back to top


Reply to topic   Topic: Control draining mode for load balancer via script, View previous topic :: View next topic
Post new topic   Forum Index -> Apache