Re: [users@httpd] Apache HTTPD sends a 400 the client gets a 200

2014-10-17 Thread Tom Purcell 
Jeff

Thanks for the response. My problem is that 400 is what should be seen by
the client. These are truly BAD_REQUESTs. The problem is that they are
being reported to the client as 200s. LIke it was set to 200 AFTER httpd
already built the response header with 400.

The error log has nothing. We're running at warn. I can go to debug and see
what I see.

Thanks
Tom

On Fri, Oct 17, 2014 at 1:06 PM, Jeff Trawick  wrote:

> On Fri, Oct 17, 2014 at 12:10 PM, Tom Purcell <
> tpurc...@chariotsolutions.com> wrote:
>
>> Hello
>>
>> We have an application that consists of REST endpoints on a jboss
>> server(5.1.0) fronted by Apache httpd(2.2.15). When a client makes a bad
>> request it usually gets the expected 400 http response code but sometimes
>> the client sees a 200. This happens sporadically. Two days ago I ran a test
>> where it happened 11 out of 20 times. Today the highest occurrence has been
>> 3 out of 40.
>>
>> To add some context here's some output from the test. Note both calls are
>> identical but one gets a 400, the other 200:
>>
>>> curl -s -D- -u user:passwd -X POST --data @uc.json 
>>> https://ourdomain.com/ourapp/rest/v3/subscriber//user/0 2>&1
>>>
>>> 21 :  HTTP/1.1 400 Bad Request^M Date: Wed, 15 Oct 2014 18:44:22 GMT^M 
>>> X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1^M Content-Type: 
>>> application/json^M Content-Length: 361^M Connection: close^M ^M^M { 
>>> "ErrorMessage" : { "errorMessage" : "Json validation failure: 
>>> {level=\"error\", 
>>> schema={\"loadingURI\":\"#\",\"pointer\":\"/properties/userConfig/properties/userType\"},
>>>  instance={\"pointer\":\"/userConfig/userType\"}, domain=\"validation\", 
>>> keyword=\"enum\", message=\"instance does not match any enum value\", 
>>> enum=[\"0\",\"1\",\"3\"], value=0}" } }
>>>
>>> curl -s -D- -u user:passwd -X POST --data @uc.json 
>>> https://ourdomain.com/ourapp/rest/v3/subscriber//user/0 2>&1
>>>
>>> 22 :  HTTP/1.1 200 OK^M Date: Wed, 15 Oct 2014 18:44:24 GMT^M 
>>> Transfer-Encoding: chunked^M Content-Type: text/plain; charset=UTF-8^M ^M { 
>>> "ErrorMessage" : { "errorMessage" : "Json validation failure: 
>>> {level=\"error\", 
>>> schema={\"loadingURI\":\"#\",\"pointer\":\"/properties/userConfig/properties/userType\"},
>>>  instance={\"pointer\":\"/userConfig/userType\"}, domain=\"validation\", 
>>> keyword=\"enum\", message=\"instance does not match any enum value\", 
>>> enum=[\"0\",\"1\",\"3\"], value=0}" } }
>>>
>>> The following are the Apache ssl_access.log entries that correspond to
>> the above calls. Note both got a 400:
>>
>>> 10.102.211.152 - - [15/Oct/2014:14:44:22 -0400] "POST 
>>> /ourapp/rest/v3/subscriber//user/0 HTTP/1.1" 400 361
>>>
>>> 10.102.211.152 - - [15/Oct/2014:14:44:24 -0400] "POST 
>>> /ourapp/rest/v3/subscriber//user/0 HTTP/1.1" 400 361
>>>
>>> More context:
>>
>>
>>- This never happens going directly against the jboss server
>>- It does happen both with and without SSL when hitting Apache
>>- The tests results shown above were run with using curl as a client
>>but we have also seen it happen with other clients(Charles, wireshark, IOS
>>apps, etc)
>>- Note that the 200 response above does not mention the jboss server
>>but that the 400 does. I have verified that both requests hit the jboss
>>server by locating the stack traces in the jboss log.
>>- Normally there is an F5 in the mix and when hitting the app through
>>it we get the same results. That said the tests referred to here
>>bypassed the F5 and hit the Apache server directly
>>
>> So we should get a 400 but when it gets to the client the response code
>> is 200. Any thoughts?
>>
>
> Maybe some component encountered a problem which caused it to set status
> to 400 AFTER httpd had already built the response header with 200 and
> passed it down towards the network.
>
> Is anything in the error log?  If not, do you have an available tracing
> mechanism that shows function return values?  Often an HTTP status code
> will be the return value of a function at some point.  (I have a module for
> 2.4 that tells you the hook and the module that returned an error -- if it
> was returned across a module interface -- but it is not fun to activate
> since it requires rebuilding httpd.  See
> http://emptyhammock.blogspot.com/2014/05/which-apache-httpd-module-failed-request.html
> )
>
>
>> --
>> Thanks,
>> Tom Purcell
>> Cell: 215-779-1963
>>
>>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
>


-- 
Thanks,
Tom Purcell
Cell: 215-779-1963

[users@httpd] mod_ssl, poodle and SSLv2Hello

2014-10-17 Thread Matthew Hughes 
Many SSL clients, notably JDK 6, use the SSLv2Hello protocol to handshake with 
the server.  Using this protocol does *not* mean you are using SSL 2.0 or 3.0 
for that matter; it is merely a handshake to determine *which* protocol to use. 
 [http://tools.ietf.org/html/rfc5246#appendix-E.2]

However, in Apache, if you disable SSLv3 support, this apparently removes 
support for the SSLv2Hello protocol.  Apache Tomcat has explicit support for 
SSLv2Hello; that is, you can enable that, but not enable SSLv3.  

Is there any way to do this in Apache?  
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache HTTPD sends a 400 the client gets a 200

2014-10-17 Thread Jeff Trawick 
On Fri, Oct 17, 2014 at 12:10 PM, Tom Purcell  wrote:

> Hello
>
> We have an application that consists of REST endpoints on a jboss
> server(5.1.0) fronted by Apache httpd(2.2.15). When a client makes a bad
> request it usually gets the expected 400 http response code but sometimes
> the client sees a 200. This happens sporadically. Two days ago I ran a test
> where it happened 11 out of 20 times. Today the highest occurrence has been
> 3 out of 40.
>
> To add some context here's some output from the test. Note both calls are
> identical but one gets a 400, the other 200:
>
>> curl -s -D- -u user:passwd -X POST --data @uc.json 
>> https://ourdomain.com/ourapp/rest/v3/subscriber//user/0 2>&1
>>
>> 21 :  HTTP/1.1 400 Bad Request^M Date: Wed, 15 Oct 2014 18:44:22 GMT^M 
>> X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1^M Content-Type: 
>> application/json^M Content-Length: 361^M Connection: close^M ^M^M { 
>> "ErrorMessage" : { "errorMessage" : "Json validation failure: 
>> {level=\"error\", 
>> schema={\"loadingURI\":\"#\",\"pointer\":\"/properties/userConfig/properties/userType\"},
>>  instance={\"pointer\":\"/userConfig/userType\"}, domain=\"validation\", 
>> keyword=\"enum\", message=\"instance does not match any enum value\", 
>> enum=[\"0\",\"1\",\"3\"], value=0}" } }
>>
>> curl -s -D- -u user:passwd -X POST --data @uc.json 
>> https://ourdomain.com/ourapp/rest/v3/subscriber//user/0 2>&1
>>
>> 22 :  HTTP/1.1 200 OK^M Date: Wed, 15 Oct 2014 18:44:24 GMT^M 
>> Transfer-Encoding: chunked^M Content-Type: text/plain; charset=UTF-8^M ^M { 
>> "ErrorMessage" : { "errorMessage" : "Json validation failure: 
>> {level=\"error\", 
>> schema={\"loadingURI\":\"#\",\"pointer\":\"/properties/userConfig/properties/userType\"},
>>  instance={\"pointer\":\"/userConfig/userType\"}, domain=\"validation\", 
>> keyword=\"enum\", message=\"instance does not match any enum value\", 
>> enum=[\"0\",\"1\",\"3\"], value=0}" } }
>>
>> The following are the Apache ssl_access.log entries that correspond to
> the above calls. Note both got a 400:
>
>> 10.102.211.152 - - [15/Oct/2014:14:44:22 -0400] "POST 
>> /ourapp/rest/v3/subscriber//user/0 HTTP/1.1" 400 361
>>
>> 10.102.211.152 - - [15/Oct/2014:14:44:24 -0400] "POST 
>> /ourapp/rest/v3/subscriber//user/0 HTTP/1.1" 400 361
>>
>> More context:
>
>
>- This never happens going directly against the jboss server
>- It does happen both with and without SSL when hitting Apache
>- The tests results shown above were run with using curl as a client
>but we have also seen it happen with other clients(Charles, wireshark, IOS
>apps, etc)
>- Note that the 200 response above does not mention the jboss server
>but that the 400 does. I have verified that both requests hit the jboss
>server by locating the stack traces in the jboss log.
>- Normally there is an F5 in the mix and when hitting the app through
>it we get the same results. That said the tests referred to here
>bypassed the F5 and hit the Apache server directly
>
> So we should get a 400 but when it gets to the client the response code is
> 200. Any thoughts?
>

Maybe some component encountered a problem which caused it to set status to
400 AFTER httpd had already built the response header with 200 and passed
it down towards the network.

Is anything in the error log?  If not, do you have an available tracing
mechanism that shows function return values?  Often an HTTP status code
will be the return value of a function at some point.  (I have a module for
2.4 that tells you the hook and the module that returned an error -- if it
was returned across a module interface -- but it is not fun to activate
since it requires rebuilding httpd.  See
http://emptyhammock.blogspot.com/2014/05/which-apache-httpd-module-failed-request.html
)


> --
> Thanks,
> Tom Purcell
> Cell: 215-779-1963
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

[users@httpd] Apache HTTPD sends a 400 the client gets a 200

2014-10-17 Thread Tom Purcell 
Hello

We have an application that consists of REST endpoints on a jboss
server(5.1.0) fronted by Apache httpd(2.2.15). When a client makes a bad
request it usually gets the expected 400 http response code but sometimes
the client sees a 200. This happens sporadically. Two days ago I ran a test
where it happened 11 out of 20 times. Today the highest occurrence has been
3 out of 40.

To add some context here's some output from the test. Note both calls are
identical but one gets a 400, the other 200:

> curl -s -D- -u user:passwd -X POST --data @uc.json 
> https://ourdomain.com/ourapp/rest/v3/subscriber//user/0 2>&1
>
> 21 :  HTTP/1.1 400 Bad Request^M Date: Wed, 15 Oct 2014 18:44:22 GMT^M 
> X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1^M Content-Type: 
> application/json^M Content-Length: 361^M Connection: close^M ^M^M { 
> "ErrorMessage" : { "errorMessage" : "Json validation failure: 
> {level=\"error\", 
> schema={\"loadingURI\":\"#\",\"pointer\":\"/properties/userConfig/properties/userType\"},
>  instance={\"pointer\":\"/userConfig/userType\"}, domain=\"validation\", 
> keyword=\"enum\", message=\"instance does not match any enum value\", 
> enum=[\"0\",\"1\",\"3\"], value=0}" } }
>
> curl -s -D- -u user:passwd -X POST --data @uc.json 
> https://ourdomain.com/ourapp/rest/v3/subscriber//user/0 2>&1
>
> 22 :  HTTP/1.1 200 OK^M Date: Wed, 15 Oct 2014 18:44:24 GMT^M 
> Transfer-Encoding: chunked^M Content-Type: text/plain; charset=UTF-8^M ^M { 
> "ErrorMessage" : { "errorMessage" : "Json validation failure: 
> {level=\"error\", 
> schema={\"loadingURI\":\"#\",\"pointer\":\"/properties/userConfig/properties/userType\"},
>  instance={\"pointer\":\"/userConfig/userType\"}, domain=\"validation\", 
> keyword=\"enum\", message=\"instance does not match any enum value\", 
> enum=[\"0\",\"1\",\"3\"], value=0}" } }
>
> The following are the Apache ssl_access.log entries that correspond to the
above calls. Note both got a 400:

> 10.102.211.152 - - [15/Oct/2014:14:44:22 -0400] "POST 
> /ourapp/rest/v3/subscriber//user/0 HTTP/1.1" 400 361
>
> 10.102.211.152 - - [15/Oct/2014:14:44:24 -0400] "POST 
> /ourapp/rest/v3/subscriber//user/0 HTTP/1.1" 400 361
>
> More context:


   - This never happens going directly against the jboss server
   - It does happen both with and without SSL when hitting Apache
   - The tests results shown above were run with using curl as a client but
   we have also seen it happen with other clients(Charles, wireshark, IOS
   apps, etc)
   - Note that the 200 response above does not mention the jboss server but
   that the 400 does. I have verified that both requests hit the jboss server
   by locating the stack traces in the jboss log.
   - Normally there is an F5 in the mix and when hitting the app through it
   we get the same results. That said the tests referred to here bypassed
   the F5 and hit the Apache server directly

So we should get a 400 but when it gets to the client the response code is
200. Any thoughts?

-- 
Thanks,
Tom Purcell
Cell: 215-779-1963

[users@httpd] RewriteCond not working ...

2014-10-17 Thread Marcelo Custódio 
hey I need a condition + rule like this: wheter I go to www.example.com it
serves me index.php but otherwise if I go to www.example.com/my-article it
points me out to show_post.php?url=$1

I´ve tried this: http://apaste.info/6i2 . Please note RewriteRule
^viewpost-([^/]*)$ show_post.php?url=$1 [L] is just a workaround and not my
final intention ( it works when I request
www.example.com/viewpost-my-article but my intention is
www.example.com/my-article )


Thanks in advance !

Re: [users@httpd] Apache Upgrade

2014-10-17 Thread Pete Houston 
On Fri, Oct 17, 2014 at 10:53:03AM +, pratibha.dhank...@wipro.com wrote:
> Can someone please suggest steps to upgrade Apache 2.2.21 to 2.2.29? It's a 
> little urgent requirement.

http://httpd.apache.org/docs/2.2/install.html#upgrading

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107


pgpFgu4cBnxbr.pgp
Description: PGP signature

[users@httpd] Apache Upgrade

2014-10-17 Thread pratibha.dhankhar 
Hi All,


Can someone please suggest steps to upgrade Apache 2.2.21 to 2.2.29? It's a 
little urgent requirement.





--
Regards
Pratibha

The information contained in this electronic message and any attachments to 
this message are intended for the exclusive use of the addressee(s) and may 
contain proprietary, confidential or privileged information. If you are not the 
intended recipient, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately and destroy all copies of this message and 
any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. The company 
accepts no liability for any damage caused by any virus transmitted by this 
email.

www.wipro.com