On Mon, Feb 20, 2012 at 4:16 PM, Phil Smith <philbo...@gmail.com> wrote: > On Mon, Feb 20, 2012 at 8:54 AM, Tom Evans <tevans...@googlemail.com> wrote: >> On Mon, Feb 20, 2012 at 1:16 PM, Steve Swift <swi...@swiftys.org.uk> wrote: >>> Ah, but the "sh" error means that my code never starts executing. If the >>> very first line of my code were to get executed, then the error message >>> would come from the error handlers in my code, but nothing in my code >>> executes under these circumstances. >>> >>> So, without a single byte of my code changing (including the shebang; the >>> file's "last changed" timestamp is usually months in the past), the script >>> will run happily for months on end, encounter one of these weird "sh" >>> errors, then go back to working again. >>> >> >> I'll try and make it clearer - Apache *does not* invoke sh, *for any >> reason*. > > An apache module, maybe? > >> If sh is being invoked, your script is doing it. If you see >> sh errors in your error log, then your script is invoking sh >> incorrectly. > > Do you agree that if it is a script as you suggest causing the sh > errors, then the request causing that script to run must related to > something in my access log either directly or indirectly? While trying > to debug this I wrote a script that causes an error on my apache > server every second. So, I have a very good set of timestamps being > written to my apache error log. I assume that if it is truly a request > being made to my server, that the sh error should be written to the > error log within a few seconds of the request. > > I'm seeing nothing but GET requests in my access log around the time > of the sh error, as such, they are very repeatable and I attempt to > repeat them and no 'sh' error is produced.
Right. But you're not the user requesting the script. Your environment is different. For example, your script may be doing something based upon the HTTP_REFERER, say shelling to run 'host', but passing it invalid input, because the input supplied was not valid. This results in the error, which is written to your error log. You try to repeat the error. You run the same script, but because your HTTP_REFERER is different/sane, there is no invalid input, and you do not see the error. > > Further, quite often the 'sh' errors occur in clusters. As such, I > would expect a group of similar/identical requests to be written to my > access log around the same second and I don't. One request could generate multiple errors. A cluster of errors does not indicate a cluster of requests. > > On the face of it, I would suggest the same thing as being suggested > here, the problem is with a script being invoked by a request, but the > access log isn't backing it up with evidence. > > Do you have any suggestions for some way of mapping the sh error back > to the IP address making the request (assuming it's an external > request)? That would be helpful in attributing the error to a given > request, but I can't think of a way to do that. > > Thanks. > I would attempt to determine the request that causes the error, and then look at all shell invocations within that script. One thing you can do is to add the request processing time into the logs (CustomLog, request time is %T), so you can see the log time, and the processing time, and match the error log entries into those timeframes. Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
