Bug#701117: Fwd: Re: Bug#701117: Apache : Custom ErrorDocument 400 not working when Host header is missing
Original Message From: christo...@guilloux.info Fri Feb 22 00:16:41 2013 Return-Path: X-Original-To: deb...@toell.net Delivered-To: deb...@toell.net Received: by smart.knallkopp.de (Postfix, from userid 6061) id DBAA4164090; Fri, 22 Feb 2013 00:16:40 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smart.knallkopp.de X-Spam-Level: * X-Spam-Status: No, score=1.3 required=3.0 tests=RDNS_NONE autolearn=disabled version=3.3.1 X-policyd-weight: using cached result; rate: -5.5 Received: from master.debian.org (unknown [82.195.75.110]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smart.knallkopp.de (Postfix) with ESMTPS id 442F0164059 for ; Fri, 22 Feb 2013 00:16:39 +0100 (CET) Received: from srv002.dedinux.com ([46.105.37.180]) by master.debian.org with esmtp (Exim 4.80) (envelope-from ) id 1U8fNW-0006tv-Tn for deb...@toell.net; Thu, 21 Feb 2013 23:16:38 + Received: from localhost (localhost.localdomain [127.0.0.1]) by srv002.dedinux.com (Postfix) with ESMTP id 6A38E2C0579 for ; Fri, 22 Feb 2013 00:16:33 +0100 (CET) X-Virus-Scanned: spam & virus filtering at Received: from srv002.dedinux.com ([127.0.0.1]) by localhost (srv002.dedinux.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id OzGGWBjbcLBs for ; Fri, 22 Feb 2013 00:16:33 +0100 (CET) Received: from srv002.dedinux.com (localhost.localdomain [127.0.0.1]) by srv002.dedinux.com (Postfix) with ESMTP id 085152C376C for ; Fri, 22 Feb 2013 00:16:33 +0100 (CET) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Fri, 22 Feb 2013 00:16:33 +0100 From: Christophe GUILLOUX To: Arno Töll Subject: Re: Bug#701117: Apache : Custom ErrorDocument 400 not working when Host header is missing In-Reply-To: <51268e3f.7090...@debian.org> References: <0f6a07fa3ffe54e44a2738c4f5071...@srv002.dedinux.com> <51268e3f.7090...@debian.org> Message-ID: X-Sender: christo...@guilloux.info User-Agent: Roundcube Webmail/0.7.1 Le 2013-02-21 22:14, Arno Töll a écrit : > On 21.02.2013 20:26, Christophe GUILLOUX wrote: >> This bug is affecting debian wheezy, some browser can be affected >> and >> other not (because they interpret the page as a html by default) : >> https://issues.apache.org/bugzilla/show_bug.cgi?id=48357 > > I am not sure how your description matches the bug you mentioned. The > bug you linked is about custom error page handling when clients > violating the HTTP 1.1 protocol are requesting pages. > > Do you mind to explain? Sorry, I don't understand the entire second sentence. I think apache should respond with header even if the client sent a bad request. RFC is too long but i suppose they write that server must respond : HTTP/1.1 400 Bad Request ... and not directly the html or text. For example, i do : telnet alioth.debian.org 443 Trying 217.196.43.134... Connected to alioth.debian.org. Escape character is '^]'. GET / HTTP/1.1 400 Bad Request Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://alioth.debian.org/";>https://alioth.debian.org/ Apache/2.2.16 (Debian) Server at alioth.debian.org Port 443 Connection closed by foreign host. I think it miss this before the html response: HTTP/1.1 400 Bad Request Date: Thu, 21 Feb 2013 23:13:29 GMT Server: Apache/2.2.16 (Debian) Vary: Accept-Encoding Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 It seems that the problem appear only when client do a clear request on a SSL port. -- Cordialement, Christophe GUILLOUX -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5126b0e2.2070...@debian.org
Bug#701117: Apache : Custom ErrorDocument 400 not working when Host header is missing
On 21.02.2013 20:26, Christophe GUILLOUX wrote: > This bug is affecting debian wheezy, some browser can be affected and > other not (because they interpret the page as a html by default) : > https://issues.apache.org/bugzilla/show_bug.cgi?id=48357 I am not sure how your description matches the bug you mentioned. The bug you linked is about custom error page handling when clients violating the HTTP 1.1 protocol are requesting pages. Do you mind to explain? -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#701118: libapache2-mod-fastcgi missing
Processing commands for cont...@bugs.debian.org: > severity 701118 wishlist Bug #701118 [apache2] libapache2-mod-fastcgi missing Severity set to 'wishlist' from 'grave' > reassign 701118 libapache2-mod-fastcgi Bug #701118 [apache2] libapache2-mod-fastcgi missing Bug reassigned from package 'apache2' to 'libapache2-mod-fastcgi'. No longer marked as found in versions apache2/2.2.22-12. Ignoring request to alter fixed versions of bug #701118 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 701118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701118 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.136148075515245.transcr...@bugs.debian.org
Bug#701118: libapache2-mod-fastcgi missing
severity 701118 wishlist reassign 701118 libapache2-mod-fastcgi thanks Hi, On 21.02.2013 20:40, Christophe GUILLOUX wrote: > Package: apache2 > Version: 2.2.22-12 > Tags: wheezy > Severity: grave How does your problem "make[s] the package in question unusable or mostly so, or causes data loss, or introduces a security hole allowing access to the accounts of users who use the package"? > Some people actually in squeeze use this package because it is working > like a proxy to a fastcgi server (FastCgiExternalServer). > If they upgrade to wheezy, their application stop working without any > workaround (they can delete apache and use nginx in place but it is not > the question here). What's your point? mod-fastcgi is a third party application not shipped with the Apache core package and never was. In fact, mod_fastcgi does not even have the same upstream. Thus, this is not a bug in the Apache package itself and you're yelling at the wrong address. We, as Apache maintainers cannot change anything here. Moreover, I don't understand your problem after all. mod_fastcgi is still in Wheezy [1] and you don't need mod_fastcgi at all in order to run PHP-FPM with mod_fcgid. > There is two solution : compiling this module or upgrading apache to a > recent version because there is a proxy module > (http://httpd.apache.org/docs/2.4/fr/mod/mod_proxy_fcgi.html) or if you > can, compile this module with apache 2.2.22 which is obsolete :-( > > 2.2.22: Released January 31, 2012 > 2.4.2 : Released April 17, 2012 (before wheezy freezing) Sorry, what? > Other bug : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592937 > [1] http://packages.debian.org/source/testing/libapache-mod-fastcgi -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Bug#701118: libapache2-mod-fastcgi missing
Package: apache2 Version: 2.2.22-12 Tags: wheezy Severity: grave Some people actually in squeeze use this package because it is working like a proxy to a fastcgi server (FastCgiExternalServer). If they upgrade to wheezy, their application stop working without any workaround (they can delete apache and use nginx in place but it is not the question here). There is two solution : compiling this module or upgrading apache to a recent version because there is a proxy module (http://httpd.apache.org/docs/2.4/fr/mod/mod_proxy_fcgi.html) or if you can, compile this module with apache 2.2.22 which is obsolete :-( 2.2.22: Released January 31, 2012 2.4.2 : Released April 17, 2012 (before wheezy freezing) Other bug : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592937 -- Cordialement, Christophe GUILLOUX -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/a19b691f191717b0179cd88f60aac...@srv002.dedinux.com
Bug#701117: Apache : Custom ErrorDocument 400 not working when Host header is missing
Package: apache2 Version: 2.2.22-12 Tags: wheezy This bug is affecting debian wheezy, some browser can be affected and other not (because they interpret the page as a html by default) : https://issues.apache.org/bugzilla/show_bug.cgi?id=48357 -- Cordialement, Christophe GUILLOUX -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/0f6a07fa3ffe54e44a2738c4f5071...@srv002.dedinux.com
