[Bug 1717615] Re: encoded slashes being blocked by Apache

Corey Bryant corey.bryant at canonical.com
Thu Oct 5 18:30:02 UTC 2017 

New python-heatclient package versions have been uploaded to the zesty
and xenial review queues and are awaying SRU review, and have been
uploaded to newton-staging awaiting promotion to newton-proposed:

https://launchpad.net/ubuntu/zesty/+queue?queue_state=1&queue_text=
https://launchpad.net/ubuntu/xenial/+queue?queue_state=1&queue_text=
https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/newton-staging


** Description changed:

- We came across a situation where we were unable to view resources in a
- stack inside Horizon. We traced it down to a communication problem with
- the Heat Apache frontend and Heat. After adjusting the log level for
- Apache, we came across the following error in the logs:
+ [Impact]
+ We came across a situation where we were unable to view resources in a stack inside Horizon. We traced it down to a communication problem with the Heat Apache frontend and Heat. After adjusting the log level for Apache, we came across the following error in the logs:
  
  [client 213.173.193.177:33920] AH00026: found %2f (encoded '/') in URI
  (decoded='/v1/c064a39d602d4f42bc49e09057c97683/stacks/heat_test_foo/b5c125a3-d452-49a1-
  a12e-03e098fbb38c/resources/foo_vm-01'), returning 404
  
  As a workaround, we currently added the following line to the
  /etc/apache/sites-enabled/openstack-https_frontend.conf on our Heat
  instance:
  
  AllowEncodedSlashes On
  
  It is worth noting we tried to use the NoDecode option as well and that
  is didn't resolve the problem.
+ 
+ [Test Case]
+ See details in impact section. For our testing we deploy OpenStack with the OpenStack charms to deploy Horizon, Heat, etc.
+ 
+ 
+ [Regression Potential]
+ Low. The patch being backported is from the upstream stable/pike branch. There were some minor adjustments required to apply the patch to earlier releases, but the patches are nearly identical.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1717615

Title:
  encoded slashes being blocked by Apache

Status in OpenStack heat charm:
  Invalid
Status in Charm Helpers:
  Invalid
Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in Ubuntu Cloud Archive newton series:
  Triaged
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in OpenStack Heat:
  Invalid
Status in python-heatclient package in Ubuntu:
  Fix Released
Status in python-heatclient source package in Xenial:
  Triaged
Status in python-heatclient source package in Zesty:
  Triaged

Bug description:
  [Impact]
  We came across a situation where we were unable to view resources in a stack inside Horizon. We traced it down to a communication problem with the Heat Apache frontend and Heat. After adjusting the log level for Apache, we came across the following error in the logs:

  [client 213.173.193.177:33920] AH00026: found %2f (encoded '/') in URI
  (decoded='/v1/c064a39d602d4f42bc49e09057c97683/stacks/heat_test_foo/b5c125a3-d452-49a1-
  a12e-03e098fbb38c/resources/foo_vm-01'), returning 404

  As a workaround, we currently added the following line to the
  /etc/apache/sites-enabled/openstack-https_frontend.conf on our Heat
  instance:

  AllowEncodedSlashes On

  It is worth noting we tried to use the NoDecode option as well and
  that is didn't resolve the problem.

  [Test Case]
  See details in impact section. For our testing we deploy OpenStack with the OpenStack charms to deploy Horizon, Heat, etc.

  
  [Regression Potential]
  Low. The patch being backported is from the upstream stable/pike branch. There were some minor adjustments required to apply the patch to earlier releases, but the patches are nearly identical.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-heat/+bug/1717615/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list