
I'm using Apache in front as the web server and running a Python Flask application at the back end; they communicate over a Unix socket, as described in the link below for the mod_proxy_uwsgi module, and I have loaded both mod_proxy and mod_proxy_uwsgi as suggested: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html

httpd/bin/apachectl -S
VirtualHost configuration:
*:2020                 host-rh7-1 (/home/user/httpd-2.4.51/conf/httpd.conf:156)
*:2022                 host-rh7-1 (/home/user/httpd-2.4.51/conf/httpd.conf:169)
*:2021                 host-rh7-1 (/home/user/httpd-2.4.51/conf/extra/httpd-ssl.conf:123)
*:2023                 host-rh7-1 (/home/user/httpd-2.4.51/conf/extra/httpd-ssl.conf:294)
ServerRoot: "/home/user/httpd-2.4.51"
Main DocumentRoot: "/home/user/web/html"
Main ErrorLog: "/home/user/httpd-2.4.51/logs/error_log"
Mutex default: dir="/home/user/httpd-2.4.51/logs/" mechanism=default
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/home/user/httpd-2.4.51/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="user" id=995 not_used
Group: name="support" id=1034 not_used

-------------------------------------

httpd.conf
------------
<VirtualHost *:2022>
    ProxyPass / unix:/home/user/flask_app/myproject.sock|uwsgi://home/user/flask_app/
</VirtualHost>



uwsgi conf.ini
---------------
[uwsgi]
chdir = /home/user/flask_app
module = app
master = true
processes = 2
; 'threads' is the uWSGI option name; 'thread' is silently ignored
threads = 2
socket = myproject.sock
chmod-socket = 660
enable-threads = true
vacuum = true
die-on-term = true

It was working fine while I was running Apache 2.4.48, but after upgrading Apache to 2.4.51 it stopped working: I don't see the HTTP request reaching the Flask app, and it gives "404 Not Found" instead.

I know that there was a vulnerability ticket around this which states "CVE-2021-40438 is a Server Side Request Forgery (SSRF) vulnerability in Apache HTTP Server version 2.4.48 and earlier", and Apache has fixed that vulnerability in 2.4.51, but I do not understand the full effect of the fix on my configuration.

More information is in this link: https://www.fastly.com/blog/apache-redux-preventing-server-side-request-forgery-via-cve-2021-40438 and the fix appears to be in this revision: https://svn.apache.org/viewvc?view=revision&revision=1892814

Is there an alternative way to enable Unix socket communication in httpd.conf going forward, or do I have to use a TCP socket instead?

Please note that I know that if I use a TCP socket instead of a Unix socket, as follows, it works fine:

httpd.conf
-----------
<VirtualHost *:2022>
    ProxyPass / uwsgi://127.0.0.1:2024/
</VirtualHost>



uwsgi conf.ini
--------------
[uwsgi]
chdir = /home/user/flask_app
module = app
master = true
processes = 2
; 'threads' is the uWSGI option name; 'thread' is silently ignored
threads = 2
socket = 127.0.0.1:2024
enable-threads = true
vacuum = true
die-on-term = true
Jai

1 Answer


After seeing some more examples, I tried another version of the ProxyPass line, as follows, and it worked for me:

httpd.conf
------------
<VirtualHost *:2022>
    ProxyPass / unix:/home/user/flask_app/myproject.sock|uwsgi://localhost/
</VirtualHost>

Jai
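As an added illustration, not part of the question or the answer, here is a small Python checker that parses the ProxyPass forms shown on this page together with the uWSGI ini. It makes the difference between the two Unix-socket forms visible: in `unix:/...myproject.sock|uwsgi://home/user/flask_app/` the text after `uwsgi://` is parsed as host `home` plus path `/user/flask_app/`, which is the socket's own directory typed where a host label belongs, whereas the answer's `uwsgi://localhost/` supplies a plain host label. It also resolves the socket path from the ini and confirms it is the same file the `unix:` prefix points at, a cheap check to run before blaming a server upgrade. The sample lines are constructed from the configs above; the assumption that a relative `socket` in the ini resolves under `chdir` is mine, not something the page states.

```python
import configparser
import os
import re
from urllib.parse import urlsplit

# Constructed samples, copied from the configs on this page.
SAMPLE_PROXYPASS = {
    "path-as-host": "ProxyPass / unix:/home/user/flask_app/myproject.sock|uwsgi://home/user/flask_app/",
    "localhost": "ProxyPass / unix:/home/user/flask_app/myproject.sock|uwsgi://localhost/",
    "tcp": "ProxyPass / uwsgi://127.0.0.1:2024/",
}

SAMPLE_UWSGI_INI = """\
[uwsgi]
chdir = /home/user/flask_app
module = app
master = true
processes = 2
threads = 2
socket = myproject.sock
chmod-socket = 660
"""

_PROXYPASS_RE = re.compile(r"^\s*ProxyPass\s+(\S+)\s+(\S+)")
_KNOWN_SCHEMES = {"http", "https", "uwsgi", "fcgi", "scgi", "ajp", "ws", "wss"}


def parse_proxypass(line):
    """Split a ProxyPass directive into mount path, optional UDS path and inner URL parts."""
    m = _PROXYPASS_RE.match(line)
    if not m:
        raise ValueError("not a ProxyPass directive: %r" % line)
    mount, target = m.group(1), m.group(2)
    socket_path = None
    if target.startswith("unix:"):
        # mod_proxy's UDS form: unix:/abs/path.sock|scheme://hostlabel/path
        socket_path, sep, target = target[len("unix:"):].partition("|")
        if not sep:
            raise ValueError("unix: target is missing the '|scheme://...' part")
    u = urlsplit(target)
    return {"mount": mount, "socket": socket_path, "scheme": u.scheme,
            "host": u.hostname, "port": u.port, "path": u.path or "/"}


def lint_proxypass(line):
    """Return human-readable findings for one ProxyPass line; [] means it looks sane."""
    p = parse_proxypass(line)
    findings = []
    if p["scheme"] not in _KNOWN_SCHEMES:
        findings.append("unknown proxy scheme %r" % p["scheme"])
    if not p["host"]:
        findings.append("inner URL has no host label (mod_proxy needs one even for UDS)")
    if p["socket"] is not None:
        if not os.path.isabs(p["socket"]):
            findings.append("unix socket path must be absolute")
        # If host + path reassemble into the socket's own directory, a filesystem
        # path was typed where the host label belongs.
        sock_dir = os.path.dirname(p["socket"]) + "/"
        reassembled = "/" + (p["host"] or "") + p["path"]
        if p["host"] and reassembled == sock_dir:
            findings.append("inner URL %r is the socket directory, not a host; "
                            "use a host label such as uwsgi://localhost/" % reassembled)
    elif p["scheme"] == "uwsgi" and p["port"] is None:
        findings.append("TCP uwsgi target without a port")
    return findings


def uwsgi_socket_path(ini_text):
    """Resolve the socket a uWSGI ini binds (assumes a relative 'socket' resolves under 'chdir')."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    section = cp["uwsgi"]
    sock = section.get("socket", "")
    if sock.startswith("/") or ":" in sock:  # absolute path, or host:port for TCP
        return sock
    return os.path.join(section.get("chdir", ""), sock)


def socket_matches(proxypass_line, ini_text):
    """True when the ProxyPass UDS path and the uWSGI socket path name the same file."""
    return parse_proxypass(proxypass_line)["socket"] == uwsgi_socket_path(ini_text)


if __name__ == "__main__":
    for name, line in SAMPLE_PROXYPASS.items():
        print(name, lint_proxypass(line) or "ok",
              "| socket matches ini:", socket_matches(line, SAMPLE_UWSGI_INI))
```

The check is deliberately conservative: it reports a UDS target only when the host and path literally reassemble into the socket's directory, so a legitimate inner URL with a real host label and a sub-path is left alone.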