AW: [users@httpd] Apache HTTPD sends a 400 the client gets a 200

2014-10-20 Thread Fiedler Roman
send the 400 response, operation of Apache on reply data from jboss has to be the cause, hence request/response data should give a hint. > On Mon, Oct 20, 2014 at 3:57 AM, Fiedler Roman > wrote: > > > Hello Tom, > > > Von: Tom Purcell [mailto

AW: [users@httpd] Apache HTTPD sends a 400 the client gets a 200

2014-10-20 Thread Fiedler Roman
Hello Tom, > Von: Tom Purcell [mailto:tpurc...@chariotsolutions.com] > > Hello > > We have an application that consists of REST endpoints on a jboss > server(5.1.0) fronted by Apache httpd(2.2.15). When a client makes a bad > request it usually gets the expected 400 http response code but sometime

AW: [users@httpd] strange 32bit apache-problem

2014-09-15 Thread Fiedler Roman
> Von: Hajo Locke [mailto:hajo.lo...@gmx.de] > > Hello, > > Am 15.09.2014 um 11:57 schrieb Fiedler Roman: > > Hi, > > > >> Von: Hajo Locke [mailto:hajo.lo...@gmx.de] > >> > >> Hello, > >> > >> one of my machines i upgraded

AW: [users@httpd] strange 32bit apache-problem

2014-09-15 Thread Fiedler Roman
Hi, > Von: Hajo Locke [mailto:hajo.lo...@gmx.de] > > Hello, > > one of my machines i upgraded tu ubuntu 14.04 32bit. > there is a apache 2.2.27 running on it (non ubuntu-repo). > i have a textfile which is 512byte long, it contains just some chars, > just one long line with a linebreak at the end.

[users@httpd] mod_dumpio/forensic log and the quest for the lost bytes

2014-09-09 Thread Fiedler Roman
Hello List, I'm running an Apache on SSL with PFS and suspect, that there is something hidden in a SSL request we are receiving because Apache does not respond with the usual 404 (not found) but 400 (bad request) and I have no explanation why. To track down the strange request, I tried forensic l

AW: AW: [users@httpd] ssl setup checking

2013-10-09 Thread Fiedler Roman
> Von: Robin Becker [mailto:ro...@reportlab.com] > > On 09/10/2013 13:15, Fiedler Roman wrote: > .. > > > > Unless you want to use client certificates from globalsign, > "SSLCACertificateFile" will not make sense. See [1] > > > > Roman &

AW: [users@httpd] ssl setup checking

2013-10-09 Thread Fiedler Roman
> Von: Robin Becker [mailto:ro...@reportlab.com] > > On 07/10/2013 20:26, Yehuda Katz wrote: > > OpenSSL supports each of the options you need (one at a time). > > http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/ > > Just add the server to the hosts file. > > > > - Y >

[users@httpd] Unexpected request for client certificate on whole site with location/directory-based SSLVerifyClient

2013-10-09 Thread Fiedler Roman
Dear List, I'm trying to implement SSL-client certificate check for only some selected URLs, but some things do not work as expected: * Although "SSLVerifyClient none" for whole vhost and only " SSLVerifyClient require" for location "/test", Firefox on Linux will ask for the certificate on all