Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal

Dear Maintainer,

apache 2.4.59 sends a correct 100 Continue response over HTTP, but not over HTTPS.
A sample HTML POST form is in 100c.htm; a sample bash script is in 100c.cgi.

-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-21-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin                2.4.59-1~deb12u1
ii  apache2-data               2.4.59-1~deb12u1
ii  apache2-utils              2.4.59-1~deb12u1
ii  init-system-helpers        1.65.2
ii  lsb-base                   11.6
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u1
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  lynx [www-browser]                               2.9.0dev.12-1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u7
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u5
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u1
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.11-1~deb12u2
ii  libxml2                  2.9.14+dfsg-1.3~deb12u1
ii  perl                     5.36.0-7+deb12u1
ii  zlib1g                   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  lynx [www-browser]                               2.9.0dev.12-1

Versions of packages apache2 is related to:
ii  apache2      2.4.59-1~deb12u1
ii  apache2-bin  2.4.59-1~deb12u1

-- Configuration Files:
/etc/apache2/apache2.conf changed:
ServerRoot "/etc/apache2"
Mutex file:${APACHE_LOCK_DIR} default
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog /var/log/httpd/error.log
LogLevel warn
NoProxy "maasoftware.ru" "192.162.244.247/32" "192.162.244.248/32" "[2a13:3d80:0:6::d]/128" "[2a13:3d80:0:6::e]/128"
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
<FilesMatch ".+\.__php$">
    SetHandler application/x-httpd-php
</FilesMatch>
Include ports.conf
AccessFileName .htaccess
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
</IfModule>
</IfModule>
ServerAdmin supp...@maasoftware.ru
ServerName maasoftware.ru:80
DocumentRoot "/var/www"
<Directory />
    Options FollowSymLinks
    AllowOverride None
    #Order deny,allow
    #Deny from all
    Require all denied
</Directory>
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
#
# Controls who can get stuff from this server.
#
<Directory "/var/www">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options +Indexes +FollowSymLinks +ExecCGI +Includes
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All
    <Limit PUT DELETE>
        Require all denied
    </Limit>
    #
    # Controls who can get stuff from this server.
    #
    #Order allow,deny
    #Allow from all
    Require all granted
</Directory>
<Directory "/usr/share/php">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options +Indexes +FollowSymLinks -ExecCGI +Includes
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All
    <Limit PUT DELETE>
        Require all denied
    </Limit>
    #
    # Controls who can get stuff from this server.
    #
    #Order allow,deny
    #Allow from all
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
    #Order allow,deny
    #Deny from all
    Require all denied
    #Satisfy All
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
# You need to enable mod_logio.c to use %I and %O
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar
    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL. You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.
    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client. The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
</IfModule>
<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    Scriptsock logs/cgisock
</IfModule>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
AddHandler cgi-script .cgi
AddHandler cgi-script .__cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
#AddOutputFilter INCLUDES .__cgi
AddOutputFilter INCLUDES .__php
<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 210
MaxClients 210
MaxRequestWorkers 210
MaxConnectionsPerChild 4096
IncludeOptional sites-enabled-default/*.conf
IncludeOptional sites-enabled/*

/etc/apache2/conf-available/security.conf changed:
ServerTokens Prod
ServerSignature Off
TraceEnable Off

/etc/apache2/conf-available/serve-cgi-bin.conf changed:
<IfModule mod_alias.c>
    <IfModule mod_cgi.c>
        Define ENABLE_USR_LIB_CGI_BIN
    </IfModule>
    <IfModule mod_cgid.c>
        Define ENABLE_USR_LIB_CGI_BIN
    </IfModule>
    <IfDefine ENABLE_USR_LIB_CGI_BIN>
        #ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Require all granted
        </Directory>
    </IfDefine>
</IfModule>

/etc/apache2/ports.conf changed:
Listen 192.162.244.247:80
Listen 192.162.244.248:80
Listen [2a13:3d80:0:6::d]:80
Listen [2a13:3d80:0:6::e]:80
<IfModule ssl_module>
    Listen 192.162.244.247:443
    Listen 192.162.244.248:443
    Listen [2a13:3d80:0:6::d]:443
    Listen [2a13:3d80:0:6::e]:443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 192.162.244.247:443
    Listen 192.162.244.248:443
    Listen [2a13:3d80:0:6::d]:443
    Listen [2a13:3d80:0:6::e]:443
</IfModule>

/etc/logrotate.d/apache2 changed:
/var/log/apache2/*.log111 {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then
            run-parts /etc/logrotate.d/httpd-prerotate
        fi
    endscript
    postrotate
        if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
            invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
        fi
    endscript
}

-- no debconf information

#!/bin/sh
echo "Status: 100 Continue"
echo "Content-Type: text/html"
echo "Content-Length: 0"
echo "Connection: Keep-Alive"
echo "Cache-control: no-cache"
echo "Cache-control: no-transform"
echo
echo "HTTP/1.1 100 Continue"
echo "Content-Type: text/html"
echo "Content-Length: 0"
echo "Connection: Keep-Alive"
echo "Cache-control: no-cache"
echo "Cache-control: no-transform"
echo
echo "HTTP/1.1 200 OK"
echo "Content-Type: text/html"
echo "Content-Length: 10"
echo "Connection: close"
echo "Cache-control: no-cache"
echo "Cache-control: no-transform"
echo
echo -n "0123456789"

<!DOCTYPE html>
<html>
<head>
<title>100 Continue test</title>
</head>
<body>
HTTP no error, HTTPS invalid response<br>
<br>
multipart/form-data<br>
<form action="100c.cgi" method="POST" enctype="multipart/form-data">
<input type="text" name="testname" value="testvalue">
<input type="submit" value="Submit">
</form>
<br>
application/x-www-form-urlencoded<br>
<form action="100c.cgi" method="POST" enctype="application/x-www-form-urlencoded">
<input type="text" name="testname" value="testvalue">
<input type="submit" value="Submit">
</form>
</body>
</html>