webmin through an apache proxy fails

[GoogleCodeExporter]

What steps will reproduce the problem?
1.run webmin (www.webmin.com/) through a proxy
2. try to connect though the proxy (works)
3. connect to webmin
4. log in
5. <failure>

What is the expected output? What do you see instead?
i expect to see standard webmin, in stead i see

->
Error - No cookies

Your browser does not support cookies, which are required for this web server 
to work in session authentication mode
<-

What version of the product are you using (please check X-Mod-Pagespeed
header)?
X-Mod-Pagespeed: 1.0.22.7-2005
On what operating system?
scientific linux 6.3

Which version of Apache?
Server: Apache/2.2.15 (Scientific Linux)
Which MPM?
prefork 
URL of broken page:
webmin.baziel.com unfortunately i cannot grant you access at this time, but 
webmin is fairly standard stuff. this is my proxy info
<VirtualHost *:80>
        ServerName webmin.baziel.com
        ProxyPass / http://server1:10000/
        ProxyPassReverse / http://server1:10000/
        <Proxy *>
                Order deny,allow
                Allow from all
                AuthType Basic
                AuthName "Password Required"
                AuthUserFile /etc/httpd/password.file
                Require valid-user
        </Proxy>
        ErrorLog logs/webmin1-error_log
        CustomLog logs/webmin1-access_log common
        <IfModule mod_security2.c>
                SecRuleEngine On
        </IfModule>
</VirtualHost>

Original issue reported on code.google.com by baz...@baziel.com on 15 Oct 2012 at 3:57

[GoogleCodeExporter]

Can you explain where you have installed mod_pagespeed? In the proxy? On 
webmin.baziel.com? It is possible that running a proxy with mod_pagespeed 
installed will not pass cookies through.

Original comment by sligocki@google.com on 15 Oct 2012 at 5:13

• Changed state: RequestClarification

[GoogleCodeExporter]

i have apache installed with mod_pagespeed. this apache runs about 20 virtual 
hosts.
4 of those are redirects to different webmins.
i have currently switched mod_pagespeed off in these webmin virtual hosts so 
now it reads

<VirtualHost *:80>
        ServerName webmin.baziel.com
        ModPagespeed off
...
(rest same)
</VirtualHost>
in this way webmin works normally, but obviously without modpagespeed.

Original comment by baz...@baziel.com on 15 Oct 2012 at 7:25

[GoogleCodeExporter]

What are you using the proxy for? What sort of proxy are you using?

Original comment by sligocki@google.com on 15 Oct 2012 at 7:28

[GoogleCodeExporter]

I am using the proxy to have fewer open ports towards the internet.
towards that machine only port 80/443 is open and other application sites are 
redirected via apache, so in this case, http://webmin.baziel.com is redirected 
towards server1:10000 and port 10000 is closed on my router. it has 2 
advantages, a simple portcheck towards my router will not reveal these 
applications and i do not have to remember the ports these applications are on.

Original comment by baz...@baziel.com on 15 Oct 2012 at 7:39

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I just tested this locally and mod_pagespeed + mod_proxy appears to be 
correctly forwarding Cookie headers to the backend server. Can you verify or 
not that Cookie headers are making it to your backend servers?

Do you know of any other technical reasons that you might be getting these 
errors? Does webmin expect to get cookies for subresources as well as HTML?

Original comment by sligocki@google.com on 18 Oct 2012 at 10:04

[GoogleCodeExporter]

did you receive the codes to check on my website?

Original comment by baz...@baziel.com on 23 Oct 2012 at 12:00

[GoogleCodeExporter]

Indeed, it looks like the mod_pagespeed enabled version is stripping the header:

Set-Cookie:testing=1; path=/

from http://webmintest.baziel.com/

When the second form is submitted, and the URL 
http://webmintest.baziel.com/session_login.cgi is requested, that URL only 
succeeds if the testing=1 Cookie is passed in.

Oddly enough, when I manually add that Cookie header on the 
http://webmintest.baziel.com/session_login.cgi request:

$ curl -vs --header "Authorization: Basic <redacted>" --header "Cookie: 
testing=1" 
"http://webmintest.baziel.com/session_login.cgi?page=%2F&user=<redacted>&pass=<r
edacted>" > /dev/null

< HTTP/1.1 302 Moved Temporarily
< Date: Tue, 23 Oct 2012 19:05:13 GMT
< Server: MiniServ/1.600
< Location: http://webmintest.baziel.com/
< Set-Cookie: sid=<redacted>; path=/
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/plain; charset=UTF-8

The actual important Set-Cookie header is not stripped.

Do you have any idea how the Set-Cookie: testing=1 and sid=... are being set? 
It appears that only the testing=1 header is being broken.


I cannot reproduce this locally.

Original comment by sligocki@google.com on 23 Oct 2012 at 7:14

[GoogleCodeExporter]

I suspect that this is a different symptom of 
http://code.google.com/p/modpagespeed/issues/detail?id=385 which is fixed in 
trunk.

We will try to do a new beta release incorporating this fix.

Would it be possible to build our trunk from source and see if this fixes the 
problem?   Otherwise we will ping this bug again when our release is out.

Original comment by jmara...@google.com on 23 Oct 2012 at 7:18

• Added labels: Milestone-v23

[GoogleCodeExporter]

it's weird that you can't reproduce I don't think I did anything really strange 
but
you should now be able to see my full apache conf via webmin, maybe that is of 
some help.
If it's just configure/make i can certainly at least try to build the beta.

Original comment by baz...@baziel.com on 23 Oct 2012 at 8:25

[GoogleCodeExporter]

Build from source instructions are here: 
https://developers.google.com/speed/docs/mod_pagespeed/build_from_source

They aren't quite as simple as make/configure, but pretty straightforward. 
Otherwise, we'll let you know when we have the new release available.

If this is related to issue 385, I'm not surprised that I couldn't reproduce it 
locally, because I did not run through PHP or anything like that, just tried 
running basic netcat requests through the proxy.

Original comment by sligocki@google.com on 23 Oct 2012 at 8:37

[GoogleCodeExporter]

Original comment by jmara...@google.com on 31 Jan 2014 at 3:53

• Changed state: Closed