I think the log severity changes below could use some eyes, especially
in the context of 2.2. Are these lowered because they're redundant? I
haven't yet looked.
I am tempted to leave the old severities for 2.2 and wait and see if
it's confusing in 2.4 (one should not have to enable DEBUG to see the
cause of a 400 error).
> @@ -937,7 +1010,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
>
> if (last_field == NULL) {
> r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03442)
> "Line folding encountered before first"
> " header line");
> return;
> @@ -945,7 +1018,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
>
> if (field[1] == '\0') {
> r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03443)
> "Empty folded line encountered");
> return;
> }
> @@ -991,9 +1064,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> }
> memcpy(last_field + last_len, field, len +1); /* +1 for nul */
> /* Replace obs-fold w/ SP per RFC 7230 3.2.4 */
> - if (strict || strictspaces) {
> - last_field[last_len] = ' ';
> - }
> + last_field[last_len] = ' ';
> last_len += len;
>
> /* We've appended this obs-fold line to last_len, proceed to
> @@ -1024,22 +1095,9 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> {
> /* Not Strict ('Unsafe' mode), using the legacy parser */
>
> - if (strictspaces && strpbrk(last_field, "\n\v\f\r")) {
> - r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> APLOGNO(03451)
> - "Request header presented bad whitespace "
> - "(disallowed by StrictWhitespace)");
> - return;
> - }
> - else {
> - char *ll = last_field;
> - while ((ll = strpbrk(ll, "\n\v\f\r")))
> - *(ll++) = ' ';
> - }
> -
> if (!(value = strchr(last_field, ':'))) { /* Find ':' or */
> r->status = HTTP_BAD_REQUEST; /* abort bad request */
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> APLOGNO(00564)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> APLOGNO(00564)
> "Request header field is missing ':' "
> "separator: %.*s", (int)LOG_NAME_MAX_LEN,
> last_field);
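Review bot: The 00564 message now formats `last_field` without the CR/LF/VT/FF scrub that the removed `else` branch applied before this point, so raw client bytes reach the log call. The whitespace checks this commit adds run only after the colon has been found, so a line with no colon never passes through them. This is safe only if the error-log writer escapes control characters, which is not visible here; I would record that dependency with a comment such as `/* last_field may still contain CR/VT/FF here; relies on error-log escaping */`. The enclosing function starts and ends outside the hunk.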
> @@ -1051,11 +1109,11 @@ AP_DECLARE(void) ap_get_mime_headers_cor
>
> *value++ = '\0'; /* NUL-terminate at colon */
>
> - if (strictspaces && strpbrk(last_field, " \t")) {
> + if (strpbrk(last_field, "\t\n\v\f\r ")) {
> r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> APLOGNO(03452)
> - "Request header field name with whitespace
> "
> - "(disallowed by StrictWhitespace)");
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> APLOGNO(03452)
> + "Request header field name presented"
> + " invalid whitespace");
> return;
> }
>
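Review bot: The now-unconditional `strpbrk(last_field, "\t\n\v\f\r ")` test carries no comment explaining why the legacy parser stopped tolerating whitespace in or after the field name. A line above it such as `/* RFC 7230 3.2.4: whitespace between field-name and ':' is rejected with 400, never stripped */` would record the intent. That matters because a later maintainer could otherwise reintroduce the stripping, and a server and an intermediary that disagree on where a header name ends are a request-smuggling risk.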
> @@ -1063,15 +1121,17 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> ++value; /* Skip to start of value */
> }
>
> - /* Strip LWS after field-name: */
> - while (tmp_field > last_field
> - && (*tmp_field == ' ' || *tmp_field == '\t')) {
> - *(tmp_field--) = '\0';
> + if (strpbrk(value, "\n\v\f\r")) {
> + r->status = HTTP_BAD_REQUEST;
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> APLOGNO(03451)
> + "Request header field value presented"
> + " bad whitespace");
> + return;
> }
>
> if (tmp_field == last_field) {
> r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> APLOGNO(03453)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> APLOGNO(03453)
> "Request header field name was empty");
> return;
> }
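Review bot: With the LWS strip loop removed, the surviving `if (tmp_field == last_field)` empty-name check depends entirely on where `tmp_field` was set, and that assignment is outside the hunk. If it points at the last character of the name rather than at the colon, this test would reject one-character names and let a line beginning with `:` through; please confirm. Since the name has already been NUL-terminated at the colon, `if (*last_field == '\0') {` states the condition directly and does not depend on `tmp_field`.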
> @@ -1082,7 +1142,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> value = (char *)ap_scan_http_token(last_field);
> if ((value == last_field) || *value != ':') {
> r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> APLOGNO(02426)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> APLOGNO(02426)
> "Request header field name is malformed: "
> "%.*s", (int)LOG_NAME_MAX_LEN, last_field);
> return;
> @@ -1104,7 +1164,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> */
> if (*tmp_field != '\0') {
> r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> APLOGNO(02427)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> APLOGNO(02427)
> "Request header value is malformed: "
> "%.*s", (int)LOG_NAME_MAX_LEN, value);
> return;
> @@ -1225,7 +1285,7 @@ request_rec *ap_read_request(conn_rec *c
> r->server->limit_req_line);
> }
> else if (r->method == NULL) {
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00566)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00566)
> "request failed: malformed request line");
> }
> access_status = r->status;
> @@ -1265,7 +1325,7 @@ request_rec *ap_read_request(conn_rec *c
>
> ap_get_mime_headers_core(r, tmp_bb);
> if (r->status != HTTP_OK) {
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00567)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00567)
> "request failed: error reading the headers");
> ap_send_error_response(r, 0);
> ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
> @@ -1284,7 +1344,7 @@ request_rec *ap_read_request(conn_rec *c
> */
> if (!(strcasecmp(tenc, "chunked") == 0 /* fast path */
> || ap_find_last_token(r->pool, tenc, "chunked"))) {
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02539)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02539)
> "client sent unknown Transfer-Encoding "
> "(%s): %s", tenc, r->uri);
> r->status = HTTP_BAD_REQUEST;
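Review bot: The 02539 message formats `tenc` with a bare `%s`, while the header-parser messages in the same change cap client text with `%.*s` and `LOG_NAME_MAX_LEN`. `tenc` is presumably the client's Transfer-Encoding value (it is assigned outside the hunk), so I would bound it the same way: `"(%.*s): %s", (int)LOG_NAME_MAX_LEN, tenc, r->uri);`. That keeps one rejected request from dominating a log line whatever level it ends up at.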
> @@ -1305,25 +1365,6 @@ request_rec *ap_read_request(conn_rec *c
> apr_table_unset(r->headers_in, "Content-Length");
> }
> }
> - else {
> - if (r->header_only) {
> - /*
> - * Client asked for headers only with HTTP/0.9, which doesn't
> send
> - * headers! Have to dink things just to make sure the error
> message
> - * comes through...
> - */
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00568)
> - "client sent invalid HTTP/0.9 request: HEAD %s",
> - r->uri);
> - r->header_only = 0;
> - r->status = HTTP_BAD_REQUEST;
> - ap_send_error_response(r, 0);
> - ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
> - ap_run_log_transaction(r);
> - apr_brigade_destroy(tmp_bb);
> - goto traceout;
> - }
> - }
>
> apr_brigade_destroy(tmp_bb);
>
> @@ -1355,7 +1396,7 @@ request_rec *ap_read_request(conn_rec *c
> * a Host: header, and the server MUST respond with 400 if it
> doesn't.
> */
> access_status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00569)
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00569)
> "client sent HTTP/1.1 request without hostname "
> "(see RFC2616 section 14.23): %s", r->uri);
> }