https://bz.apache.org/bugzilla/show_bug.cgi?id=61860
Bug ID: 61860
Summary: Headers duplication when 416 status code occurs
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: Core
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hi,
Apache duplicates some specific headers when a 416 error occurs:
[root@S1 ~]# curl https://192.168.122.183/ -kv --header "Range: bytes=6549-"
* About to connect() to 192.168.122.183 port 443 (#0)
* Trying 192.168.122.183...
* Connected to 192.168.122.183 (192.168.122.183) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: C=FR
* start date: déc. 05 12:18:20 2017 GMT
* expire date: déc. 05 12:18:20 2018 GMT
* common name: (nil)
* issuer: C=FR
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.122.183
> Accept: */*
> Range: bytes=6549-
>
< HTTP/1.1 416 Requested Range Not Satisfiable
< Date: Tue, 05 Dec 2017 15:43:52 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
< Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; max-age=300; report-uri="https://protonmail.com/pkp-report"
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; max-age=300; report-uri="https://protonmail.com/pkp-report"
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>416 Requested Range Not Satisfiable</title>
</head><body>
<h1>Requested Range Not Satisfiable</h1>
<p>None of the range-specifier values in the Range
request-header field overlap the current extent
of the selected resource.</p>
</body></html>
* Connection #0 to host 192.168.122.183 left intact
[root@S1 ~]#
The expected behavior is to not get the headers duplicated. Here's the
configuration of the vhost:
<VirtualHost *:443>
    ServerName backend
    DocumentRoot /var/www/html/
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +OptRenegotiate
    SSLCertificateFile /etc/ssl/apache2/cert.pem
    SSLCertificateKeyFile /etc/ssl/apache2/key.pem
    Header always set Public-Key-Pins-Report-Only "pin-sha256=\"Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM=\"; pin-sha256=\"2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8=\"; pin-sha256=\"1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU=\"; max-age=300;"
    Header always set X-Frame-Options "deny"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    <Directory "/var/www/html">
        Options ExecCGI FollowSymLinks Includes
        AllowOverride All
        order deny,allow
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common
</VirtualHost>
I installed Apache on CentOS 7 through yum install.
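A regression check for the behaviour reported above, as an added example that is not part of the bug report or of httpd: it parses a `curl -v` transcript, rejoins header values that were wrapped onto prefix-less lines, and lists the response headers sent more than once. The function names and the sample transcript are constructed for illustration, and the pin value is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed `curl -v` transcript shaped like the one in the
# report (headers shortened; the pin value is a placeholder, not a real pin).
SAMPLE = """\
> GET / HTTP/1.1
> Range: bytes=6549-
>
< HTTP/1.1 416 Requested Range Not Satisfiable
< Public-Key-Pins-Report-Only:
pin-sha256="PLACEHOLDER="; max-age=300
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< Public-Key-Pins-Report-Only:
pin-sha256="PLACEHOLDER="; max-age=300
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
"""

def parse_response_headers(transcript):
    """Return (status_code, [(name, value), ...]) from `curl -v` output."""
    status, headers, in_headers = None, [], False
    for line in transcript.splitlines():
        if not in_headers:
            m = re.match(r"< HTTP/\d(?:\.\d)? (\d{3})", line)
            if m:
                status, in_headers = int(m.group(1)), True
            continue
        if line.rstrip() == "<":  # empty response line: end of header block
            break
        if line.startswith("< ") and ":" in line:
            name, _, value = line[2:].partition(":")
            headers.append([name.strip().lower(), value.strip()])
        elif headers and not line.startswith(("<", ">", "*")):
            # Prefix-less line: a header value wrapped by a mail client or pager.
            headers[-1][1] = (headers[-1][1] + " " + line.strip()).strip()
    return status, [tuple(h) for h in headers]

def duplicated_headers(headers):
    """Map each header name sent more than once to the list of its values."""
    seen = defaultdict(list)
    for name, value in headers:
        seen[name].append(value)
    return {name: values for name, values in seen.items() if len(values) > 1}
```

Running `duplicated_headers` on the headers of a 416 response and of a 200 response from the same vhost shows whether the duplication is limited to the error path.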