[Bug 62456] New: LogLevel core:debug needed to see reason for HTTP 400 bad request; unusual setting for prod


https://bz.apache.org/bugzilla/show_bug.cgi?id=62456

            Bug ID: 62456
           Summary: LogLevel core:debug needed to see reason for HTTP 400
                    bad request; unusual setting for prod
           Product: Apache httpd-2
           Version: 2.4.33
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Core
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: chris@xxxxxxxxxxxxxxxxxxx
  Target Milestone: ---

Created attachment 35967
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35967&action=edit
Patch suggestion to replace APLOG_DEBUG with APLOG_INFO

With changes for
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25
important: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions
was introduced and defaults to strict in 2.4.24

It took me two days on a prod environment to understand why HTTP requests got
rejected with HTTP 400 Bad Request.

If I had had LogLevel core:debug it would have been faster, but this is
not the expected LogLevel on Prod Systems.

[Thu Jun 14 09:38:22.660889 2018] [core:debug] [pid x:tid x] protocol.c(839):
[client XXX:38308] AH03448: HTTP Request Line; Excess whitespace (disallowed by
HttpProtocolOptions Strict

I suggest replacing all APLOG_DEBUG with APLOG_WARNING or APLOG_INFO in
server/protocol.c around line 820, so that the reason becomes obvious in the
logs, as was done with e.g. APLOGNO(00561).


    if (deferred_error != rrl_none) {
        if (deferred_error == rrl_badmethod)
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03445)
                          "HTTP Request Line; Invalid method token: '%.*s'",
                          field_name_len(r->method), r->method);
        else if (deferred_error == rrl_badmethod09)
...
        else if (deferred_error == rrl_badprotocol)
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418)
                          "HTTP Request Line; Unrecognized protocol '%.*s' "
                          "(perhaps whitespace was injected?)",
                          field_name_len(r->protocol), r->protocol);
        r->status = HTTP_BAD_REQUEST;
        goto rrl_failed;
    }

Sorry, I am not able to test-compile the attached patch suggestion!

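Added example, not part of the bug report and not httpd's own code: a simplified model of the strict request-line form ("method SP request-target SP HTTP/digit.digit") that can be run over a captured request line to see which rule it breaks when the server log shows only a 400. The reason codes and function names are hypothetical, and the grammar is an assumption that simplifies what server/protocol.c checks under HttpProtocolOptions Strict.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical reason codes for this example; not httpd's own enum. */
typedef enum { RL_OK, RL_BAD_METHOD, RL_EXCESS_WS, RL_MISSING_FIELD,
               RL_BAD_PROTOCOL } rl_reason;

/* RFC 7230 "tchar": the characters allowed in a method token. */
static int is_tchar(unsigned char c)
{
    return isalnum(c) || (c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/* Consume exactly one SP; a tab or a second blank is excess whitespace. */
static rl_reason one_sp(const char **p)
{
    if (**p != ' ')
        return (**p == '\t') ? RL_EXCESS_WS : RL_MISSING_FIELD;
    (*p)++;
    return (**p == ' ' || **p == '\t') ? RL_EXCESS_WS : RL_OK;
}

/* Classify a request line (CRLF already removed) against the strict form
 * "method SP request-target SP HTTP/digit.digit" (simplified assumption). */
rl_reason check_request_line(const char *line)
{
    const char *p = line;
    rl_reason r;

    while (is_tchar((unsigned char)*p))
        p++;                                   /* method token */
    if (p == line || (*p != ' ' && *p != '\t' && *p != '\0'))
        return RL_BAD_METHOD;
    if ((r = one_sp(&p)) != RL_OK)
        return r;
    while (*p != '\0' && *p != ' ' && *p != '\t')
        p++;                                   /* request target */
    if ((r = one_sp(&p)) != RL_OK)
        return r;
    if (strncmp(p, "HTTP/", 5) != 0 || !isdigit((unsigned char)p[5]) ||
        p[6] != '.' || !isdigit((unsigned char)p[7]))
        return RL_BAD_PROTOCOL;
    if (p[8] == '\0')
        return RL_OK;
    /* Blanks after the protocol are also excess whitespace. */
    return (p[8] == ' ' || p[8] == '\t') ? RL_EXCESS_WS : RL_BAD_PROTOCOL;
}
```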