Skip to content
This repository has been archived by the owner on Apr 21, 2023. It is now read-only.

webmin through an apache proxy fails #532

GoogleCodeExporter opened this issue Apr 6, 2015 · 12 comments

webmin through an apache proxy fails #532

GoogleCodeExporter opened this issue Apr 6, 2015 · 12 comments


Copy link

What steps will reproduce the problem? webmin ( through a proxy
2. try to connect though the proxy (works)
3. connect to webmin
4. log in
5. <failure>

What is the expected output? What do you see instead?
i expect to see standard webmin, in stead i see

Error - No cookies

Your browser does not support cookies, which are required for this web server 
to work in session authentication mode

What version of the product are you using (please check X-Mod-Pagespeed
On what operating system?
scientific linux 6.3

Which version of Apache?
Server: Apache/2.2.15 (Scientific Linux)
Which MPM?
URL of broken page: unfortunately i cannot grant you access at this time, but 
webmin is fairly standard stuff. this is my proxy info
<VirtualHost *:80>
        ProxyPass / http://server1:10000/
        ProxyPassReverse / http://server1:10000/
        <Proxy *>
                Order deny,allow
                Allow from all
                AuthType Basic
                AuthName "Password Required"
                AuthUserFile /etc/httpd/password.file
                Require valid-user
        ErrorLog logs/webmin1-error_log
        CustomLog logs/webmin1-access_log common
        <IfModule mod_security2.c>
                SecRuleEngine On

Original issue reported on by on 15 Oct 2012 at 3:57

Copy link

Can you explain where you have installed mod_pagespeed? In the proxy? On It is possible that running a proxy with mod_pagespeed 
installed will not pass cookies through.

Original comment by on 15 Oct 2012 at 5:13

  • Changed state: RequestClarification

Copy link

i have apache installed with mod_pagespeed. this apache runs about 20 virtual 
4 of those are redirects to different webmins.
i have currently switched mod_pagespeed off in these webmin virtual hosts so 
now it reads

<VirtualHost *:80>
        ModPagespeed off
(rest same)
in this way webmin works normally, but obviously without modpagespeed.

Original comment by on 15 Oct 2012 at 7:25

Copy link

What are you using the proxy for? What sort of proxy are you using?

Original comment by on 15 Oct 2012 at 7:28

Copy link

I am using the proxy to have fewer open ports towards the internet.
towards that machine only port 80/443 is open and other application sites are 
redirected via apache, so in this case, is redirected 
towards server1:10000 and port 10000 is closed on my router. it has 2 
advantages, a simple portcheck towards my router will not reveal these 
applications and i do not have to remember the ports these applications are on.

Original comment by on 15 Oct 2012 at 7:39

Copy link

[deleted comment]

Copy link

I just tested this locally and mod_pagespeed + mod_proxy appears to be 
correctly forwarding Cookie headers to the backend server. Can you verify or 
not that Cookie headers are making it to your backend servers?

Do you know of any other technical reasons that you might be getting these 
errors? Does webmin expect to get cookies for subresources as well as HTML?

Original comment by on 18 Oct 2012 at 10:04

Copy link

did you receive the codes to check on my website?

Original comment by on 23 Oct 2012 at 12:00

Copy link

Indeed, it looks like the mod_pagespeed enabled version is stripping the header:

Set-Cookie:testing=1; path=/


When the second form is submitted, and the URL is requested, that URL only 
succeeds if the testing=1 Cookie is passed in.

Oddly enough, when I manually add that Cookie header on the request:

$ curl -vs --header "Authorization: Basic <redacted>" --header "Cookie: 
edacted>" > /dev/null

< HTTP/1.1 302 Moved Temporarily
< Date: Tue, 23 Oct 2012 19:05:13 GMT
< Server: MiniServ/1.600
< Location:
< Set-Cookie: sid=<redacted>; path=/
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/plain; charset=UTF-8

The actual important Set-Cookie header is not stripped.

Do you have any idea how the Set-Cookie: testing=1 and sid=... are being set? 
It appears that only the testing=1 header is being broken.

I cannot reproduce this locally.

Original comment by on 23 Oct 2012 at 7:14

Copy link

I suspect that this is a different symptom of which is fixed in 

We will try to do a new beta release incorporating this fix.

Would it be possible to build our trunk from source and see if this fixes the 
problem?   Otherwise we will ping this bug again when our release is out.

Original comment by on 23 Oct 2012 at 7:18

  • Added labels: Milestone-v23

Copy link

it's weird that you can't reproduce I don't think I did anything really strange 
you should now be able to see my full apache conf via webmin, maybe that is of 
some help.
If it's just configure/make i can certainly at least try to build the beta.

Original comment by on 23 Oct 2012 at 8:25

Copy link

Build from source instructions are here:

They aren't quite as simple as make/configure, but pretty straightforward. 
Otherwise, we'll let you know when we have the new release available.

If this is related to issue 385, I'm not surprised that I couldn't reproduce it 
locally, because I did not run through PHP or anything like that, just tried 
running basic netcat requests through the proxy.

Original comment by on 23 Oct 2012 at 8:37

Copy link

Original comment by on 31 Jan 2014 at 3:53

  • Changed state: Closed

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet

No branches or pull requests

1 participant