[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#743860: marked as done (apache2: Apache forgets about /cgi-bin on restart)

Your message dated Mon, 08 Jun 2015 00:12:12 +0000
with message-id <5574DDDC.8090003@debian.org>
and subject line Re: apache2: Apache forgets about /cgi-bin on restart
has caused the Debian Bug report #743860,
regarding apache2: Apache forgets about /cgi-bin on restart
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

743860: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743860
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.9-1
Severity: normal

Dear Maintainer,

I first encountered this problem on my main home Debian box, but
have now reproduced it on a fresh VM I did nothing to after the
initial install except:
1) dist-upgrade to jessie
2) install and configure apache2 as below

The problem is that apache2 will serve cgi-bin programs until it
is restarted with "apache2ctl restart" or "apache2ctl graceful".
Once that happens, it seems to forget the cgi configuration, and I
see messages like this in the error_log:

[Sun Apr 06 22:40:14.487098 2014] [core:info] [pid 8959] [client ::1:48015] AH00128: File does not exist: /var/www/html/cgi-bin/hello

and requests for /cgi-bin/ programs will return a standard
404 error page. A second "apache2ctl graceful" or "apach2ctl restart"
or the equivalent "service apache2 reload" will restore cgi-bin
capability. (But a third restart will lose it again, etc.)

Note that logrotate does an "/etc/init.d/apache2 reload", meaning that
without the workaround below every logrotate run would disable cgi.

To reproduce this, on a jessie system install both apache2 and
libapache2-mod-dnssd, and then do:

# a2dismod mpm_event
# a2enmod mpm_prefork
# a2enmod cgi
# a2enmod reqtimeout
# a2enmod userdir
# a2enmod dnssd

When completed, the /etc/apache2/mods-enabled directory should show:

debian@debian:/etc/apache2$ ls mods-enabled/
access_compat.load  autoindex.conf  env.load          reqtimeout.load
alias.conf          autoindex.load  filter.load       setenvif.conf
alias.load          cgi.load        mime.conf         setenvif.load
auth_basic.load     deflate.conf    mime.load         status.conf
authn_core.load     deflate.load    mpm_prefork.conf  status.load
authn_file.load     dir.conf        mpm_prefork.load  userdir.conf
authz_core.load     dir.load        negotiation.conf  userdir.load
authz_host.load     dnssd.conf      negotiation.load
authz_user.load     dnssd.load      reqtimeout.conf

Now create a simple test cgi script; I used this:

debian@debian:/etc/apache2$ cat /usr/lib/cgi-bin/hello 
#! /bin/sh
echo "Content-Type: text/plain"
echo Hello world from a cgi script.

Restart apache2 with "service apache2 restart". Observe that
http://localhost/cgi-bin/hello is served properly. Run any of
the commands that get apache to reload its configuration ("apache2ctl
graceful", "apache2ctl restart", "service apache2 reload"), and then
observe that http://localhost/cgi-bin/hello is no longer served.

Despite what the apache documentation implies, no setting for
LogLevel seems to ever leave evidence in any log file of exactly which
configuration files were opened and read on each apache restart.

I previously had asked about this issue at

That page also contains a workaround I discovered (for anyone else
who encounters this issue): placing a "LogLevel warn" statement into
/etc/apache2/000-default.conf changes something so that /cgi-bin/ is
then served consistently. While reproducing this, I've also found that
this bug is *highly* sensitive to exactly which modules are enabled;
for example, disabling any one of the three modules reqtimeout, userdir,
and dnssd makes the bug vanish. When reproducing this, ensure that the
mods-enabled directory reads as above, and that everything else about
the configuration is exactly as shipped in the package.

Given this bug's weird sensitivity to things that shouldn't matter,
I worry this may point to some upstream bug involving a subtle memory
corruption issue in configuration parsing.

-- Package-specific info:

-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.13-1-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2 depends on:
ii  apache2-bin   2.4.9-1
ii  apache2-data  2.4.9-1
ii  lsb-base      4.1+Debian12
ii  mime-support  3.54
ii  perl          5.18.2-2+b1
ii  procps        1:3.3.9-2

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.33

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
pn  apache2-utils                                    <none>
ii  iceweasel [www-browser]                          24.4.0esr-1
ii  w3m [www-browser]                                0.5.3-15

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.0-1
ii  libaprutil1              1.5.3-1+b1
ii  libaprutil1-dbd-sqlite3  1.5.3-1+b1
ii  libaprutil1-ldap         1.5.3-1+b1
ii  libc6                    2.18-4
ii  libldap-2.4-2            2.4.39-1
ii  liblua5.1-0              5.1.5-5
ii  libpcre3                 1:8.31-2
ii  libssl1.0.0              1.0.1f-1
ii  libxml2                  2.9.1+dfsg1-3
ii  perl                     5.18.2-2+b1
ii  zlib1g                   1:1.2.8.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  iceweasel [www-browser]                          24.4.0esr-1
ii  w3m [www-browser]                                0.5.3-15

Versions of packages apache2 is related to:
ii  apache2      2.4.9-1
ii  apache2-bin  2.4.9-1

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.10-1


We believe that the bug you reported is fixed.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 743860@bugs.debian.org,
and a maintainer will reopen the bug report if appropriate.


--- End Message ---

Reply to: