WebDAV randomly fails after upgrading QTS 5.0.1.2194

[qiankanglai]

Hi,

Recently I upgrade to QTS 5.0.1.2194 but find webdav randomly fails and reconnect. It worked well before upgrading and now becomes highly unavailable (with different PC and different clients)
ps. I'm using under valid SSL certificate with HTTPS.

Here is the log from apache (I tried to investigate) and it seems the module crashes for unknown reason.

Code: Select all

[/mnt/ext/opt/apache/logs] # tail -f error_log
[Mon Oct 31 00:06:33.367096 2022] [so:warn] [pid 22463:tid 139810715572096] AH01574: module authz_user_module is already loaded, skipping
[Mon Oct 31 00:06:33.371472 2022] [md:info] [pid 22464:tid 139810715572096] AH10071: mod_md (v2.4.17), initializing...
[Mon Oct 31 00:06:33.371761 2022] [ssl:info] [pid 22464:tid 139810715572096] AH01883: Init: Initialized OpenSSL library
[Mon Oct 31 00:06:33.372005 2022] [socache_shmcb:info] [pid 22464:tid 139810715572096] AH00830: Shared memory socache initialised
[Mon Oct 31 00:06:33.372020 2022] [ssl:info] [pid 22464:tid 139810715572096] AH01887: Init: Initializing (virtual) servers for SSL
[Mon Oct 31 00:06:33.373024 2022] [ssl:info] [pid 22464:tid 139810715572096] AH01876: mod_ssl/2.4.54 compiled against Server: Apache/2.4.54, Library: OpenSSL/1.1.1l
[Mon Oct 31 00:06:33.373070 2022] [http2:info] [pid 22464:tid 139810715572096] AH03090: mod_http2 (v1.15.28, feats=CHPRIO+SHA256+INVHD+DWINS, nghttp2 1.16.1), initializing...
[Mon Oct 31 00:06:33.384682 2022] [mpm_worker:notice] [pid 22464:tid 139810715572096] AH00292: Apache/2.4.54 (Unix) OpenSSL/1.1.1l configured -- resuming normal operations
[Mon Oct 31 00:06:33.384754 2022] [mpm_worker:info] [pid 22464:tid 139810715572096] AH00293: Server built: Oct 22 2022 04:32:07
[Mon Oct 31 00:06:33.384793 2022] [core:notice] [pid 22464:tid 139810715572096] AH00094: Command line: '/usr/local/apache/bin/apache-dav -f /etc/apache-dav-sys.conf'
========Here it crashed and client lost connection. After restarting apache-dav, client could work again after 10+ seconds========
Mon Oct 31 00:06:46.144194 2022] [core:info] [pid 22464:tid 139810715572096] AH00096: removed PID file /var/lock/apache-dav.pid (pid=22464)
[Mon Oct 31 00:06:46.144274 2022] [mpm_worker:notice] [pid 22464:tid 139810715572096] AH00295: caught SIGTERM, shutting down
[Mon Oct 31 00:07:04.292793 2022] [ssl:info] [pid 23658:tid 139767243118464] AH01883: Init: Initialized OpenSSL library
[Mon Oct 31 00:07:04.293020 2022] [ssl:info] [pid 23658:tid 139767243118464] AH01887: Init: Initializing (virtual) servers for SSL
[Mon Oct 31 00:07:04.294405 2022] [ssl:info] [pid 23658:tid 139767243118464] AH01876: mod_ssl/2.4.54 compiled against Server: Apache/2.4.54, Library: OpenSSL/1.1.1l
[Mon Oct 31 00:07:04.294452 2022] [:notice] [pid 23658:tid 139767243118464] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[Mon Oct 31 00:07:04.294461 2022] [:notice] [pid 23658:tid 139767243118464] ModSecurity: APR compiled version="1.5.2"; loaded version="1.5.2"
[Mon Oct 31 00:07:04.294470 2022] [:notice] [pid 23658:tid 139767243118464] ModSecurity: PCRE compiled version="8.37 "; loaded version="8.37 2015-04-28"
[Mon Oct 31 00:07:04.294478 2022] [:notice] [pid 23658:tid 139767243118464] ModSecurity: LIBXML compiled version="2.9.2"
[Mon Oct 31 00:07:04.294523 2022] [:notice] [pid 23658:tid 139767243118464] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Mon Oct 31 00:07:04.315771 2022] [so:warn] [pid 23658:tid 139767243118464] AH01574: module authn_core_module is already loaded, skipping
[Mon Oct 31 00:07:04.315820 2022] [so:warn] [pid 23658:tid 139767243118464] AH01574: module auth_basic_module is already loaded, skipping
[Mon Oct 31 00:07:04.315831 2022] [so:warn] [pid 23658:tid 139767243118464] AH01574: module authz_user_module is already loaded, skipping
[Mon Oct 31 00:07:04.320209 2022] [md:info] [pid 23659:tid 139767243118464] AH10071: mod_md (v2.4.17), initializing...
[Mon Oct 31 00:07:04.320497 2022] [ssl:info] [pid 23659:tid 139767243118464] AH01883: Init: Initialized OpenSSL library

For temporary use, I downgrade system back to QTS 5.0.1.2173 and everything works as a charm again.
I have to disable system auto update but it is annoying if I'm stick to this version. Any help would be appreciated.

[dolbyman]

Best to open a ticket with QNAP, most people here will not expose their NAS to WAN (SSL will not protect you in any way), so if you want to continue theses dangerous ways, talk to them (QNAP)