Fixed in development release, targeting to lucid as well.
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
** Also affects: apache2 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu Lucid)
Importance: Undecided = High
--
Status of Impact: Lucid was shipped with a bug in apache that will have
hundreds of client sent HTTP/1.1 request without a hostname. This has
been fixed in apache 2.2.16 and have been backported to lucid.
How to reproduce:
1. Install apache with mod_ssl.
2. Watch your logs fill up with the
** Patch added: apache.debdiff
http://launchpadlibrarian.net/53182798/apache.debdiff
** Summary changed:
- client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
+ [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section
14.23)
--
[SRU] client sent
Fixed in development release, targeting to lucid as well.
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
** Also affects: apache2 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu Lucid)
Importance: Undecided = High
--
Status of Impact: Lucid was shipped with a bug in apache that will have
hundreds of client sent HTTP/1.1 request without a hostname. This has
been fixed in apache 2.2.16 and have been backported to lucid.
How to reproduce:
1. Install apache with mod_ssl.
2. Watch your logs fill up with the
** Patch added: apache.debdiff
http://launchpadlibrarian.net/53182798/apache.debdiff
** Summary changed:
- client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
+ [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section
14.23)
--
[SRU] client sent
Yes it should not be marked as fixed.
** Changed in: apache2 (Ubuntu)
Status: Fix Released = In Progress
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of
Just to chime in, this is affecting my 10.04 LTS nodes talking to my
recently upgraded 10.04 LTS puppet master. Puppet sits behind Apache
with mod_proxy_balancer and mod_ssl. I disabled reqtimeout and have yet
to see this re-appear.
--
client sent HTTP/1.1 request without hostname (see RFC2616
Yes it should not be marked as fixed.
** Changed in: apache2 (Ubuntu)
Status: Fix Released = In Progress
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of
Just to chime in, this is affecting my 10.04 LTS nodes talking to my
recently upgraded 10.04 LTS puppet master. Puppet sits behind Apache
with mod_proxy_balancer and mod_ssl. I disabled reqtimeout and have yet
to see this re-appear.
--
client sent HTTP/1.1 request without hostname (see RFC2616
2.2.16-1ubuntu1 is not in lucid
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs
2.2.16-1ubuntu1 is not in lucid
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
This bug was fixed in the package apache2 - 2.2.16-1ubuntu1
---
apache2 (2.2.16-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add
This bug was fixed in the package apache2 - 2.2.16-1ubuntu1
---
apache2 (2.2.16-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add
Looks like that apache/mod_ssl fix is only in the httpd trunk, doesnt
seem like it's made it into the 2.2 branch even though the fix is 2 yrs
old. What's the plan for putting into the Ubuntu's apache distro?
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
It's scheduled (apache) to backport this fix to 2.2.x branch
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?revision=979087view=markup
Quick fix is to uninstall optimized libc library libc6-i686.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
Looks like that apache/mod_ssl fix is only in the httpd trunk, doesnt
seem like it's made it into the 2.2 branch even though the fix is 2 yrs
old. What's the plan for putting into the Ubuntu's apache distro?
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
It's scheduled (apache) to backport this fix to 2.2.x branch
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?revision=979087view=markup
Quick fix is to uninstall optimized libc library libc6-i686.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
I think Jiří found the source of the problem, but it is a mod_ssl bug
after all. Reassigning to apache2.
This would be https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
** Bug watch added: Apache Software Foundation Bugzilla #45444
I think Jiří found the source of the problem, but it is a mod_ssl bug
after all. Reassigning to apache2.
This would be https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
** Bug watch added: Apache Software Foundation Bugzilla #45444
Maybe I found a solution (bug in memcpy routine) Bug #609290
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
I'm having a similar problem, but I really don't know if it is related.
I'm running lucid 10.04 on a 32bit xen machine (on ec2). We're getting
the request failed: error reading the headers error intermittently.
However, it affects all requests after an apache2 restart. There are no
error
Time for me to chime in, we're also affected by this issue.
I'm getting (a lot of) status 400 errors in the middle of a svn checkout
when using https. When using http I have no such issues.
I've tried disabling mod_deflate and mod_reqtimeout, and this doesn't
complete solve the problems.
I'm
Just to let all know, we are also having this issue, and am anxiously
awaiting a fix :-) I'd be happy to try any fixes as well.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are
** Changed in: eglibc (Ubuntu)
Importance: Medium = High
** Changed in: eglibc (Ubuntu)
Status: Incomplete = Confirmed
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are
see eglibc in lucid-proposed for a fix
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Which version is that? I was using 2.11.1-0ubuntu7.2 and I'm not seeing
a more recent version
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs, which
I have now installed
libc6:
Installiert: 2.11.1-0ubuntu7.2
Kandidat: 2.11.1-0ubuntu7.2
Versions-Tabelle:
*** 2.11.1-0ubuntu7.2 0
400 http://de.archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
100 /var/lib/dpkg/status
2.11.1-0ubuntu7.1 0
900
* Stefan Fritsch s...@sfritsch.de:
But the bug disappears if I do
mv /lib/i686 /lib/disabled_i686
I will try to reproduce this here
There was a bug recently in Debian related to some gcc versions creating
wrong code for SSE4. Maybe that is the problem here, too.
What CPUs do you
* Stefan Fritsch s...@sfritsch.de:
This is a rather strange bug:
- It happens if I enable exactly two out of the three modules deflate,
reqtimeout, dump_io. But not with only one or all three of them.
- I have also tried replacing mod_ssl.so, mod_deflate.so, and the
openssl-libs with the
* Stefan Fritsch s...@sfritsch.de:
But the bug disappears if I do
mv /lib/i686 /lib/disabled_i686
I will try to reproduce this here
There was a bug recently in Debian related to some gcc versions creating
wrong code for SSE4. Maybe that is the problem here, too.
What CPUs do you
* Stefan Fritsch s...@sfritsch.de:
This is a rather strange bug:
- It happens if I enable exactly two out of the three modules deflate,
reqtimeout, dump_io. But not with only one or all three of them.
- I have also tried replacing mod_ssl.so, mod_deflate.so, and the
openssl-libs with the
I think we ruled out an Apache2 error here...
** Package changed: apache2 (Ubuntu) = eglibc (Ubuntu)
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs,
mod_reqtimeout could be a reason, since it has been activated according
to apt-listchanges:
apache2 (2.2.15-1) unstable; urgency=low
* This release adds and enables mod_reqtimeout, which limits the time
Apache waits for a client to send a complete request. This helps to
mitigate against
* Stefan Fritsch s...@sfritsch.de:
I suspect this is the same issue as bug #595855 and #595116: Headers are
getting truncated with https. So far, I have no idea about the reason.
If you have mod_reqtimeout and/or mod_deflate enabled, you can try if
disabling one or both of them makes any
This is a rather strange bug:
- It happens if I enable exactly two out of the three modules deflate,
reqtimeout, dump_io. But not with only one or all three of them.
- I have also tried replacing mod_ssl.so, mod_deflate.so, and the openssl-libs
with the versions from karmic and mod_ssl.so with
Actually, I have reproduced bug #595116 and not this one, but I still
think it's the same.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server Team, which
mod_reqtimeout could be a reason, since it has been activated according
to apt-listchanges:
apache2 (2.2.15-1) unstable; urgency=low
* This release adds and enables mod_reqtimeout, which limits the time
Apache waits for a client to send a complete request. This helps to
mitigate against
* Stefan Fritsch s...@sfritsch.de:
I suspect this is the same issue as bug #595855 and #595116: Headers are
getting truncated with https. So far, I have no idea about the reason.
If you have mod_reqtimeout and/or mod_deflate enabled, you can try if
disabling one or both of them makes any
This is a rather strange bug:
- It happens if I enable exactly two out of the three modules deflate,
reqtimeout, dump_io. But not with only one or all three of them.
- I have also tried replacing mod_ssl.so, mod_deflate.so, and the openssl-libs
with the versions from karmic and mod_ssl.so with
Actually, I have reproduced bug #595116 and not this one, but I still
think it's the same.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Any news on this subject? I'm experiencing the same issue since the
upgrade on ubuntu 10.04.
I have seen Bad Request-error pages in Safari 4 and 5 and in the
error-log I get client sent HTTP/1.1 request without hostname errors
for the corresponding requests.
It is however not reproducible, after
I suspect this is the same issue as bug #595855 and #595116: Headers are
getting truncated with https. So far, I have no idea about the reason.
If you have mod_reqtimeout and/or mod_deflate enabled, you can try if
disabling one or both of them makes any difference.
--
client sent HTTP/1.1
Any news on this subject? I'm experiencing the same issue since the
upgrade on ubuntu 10.04.
I have seen Bad Request-error pages in Safari 4 and 5 and in the
error-log I get client sent HTTP/1.1 request without hostname errors
for the corresponding requests.
It is however not reproducible, after
I suspect this is the same issue as bug #595855 and #595116: Headers are
getting truncated with https. So far, I have no idea about the reason.
If you have mod_reqtimeout and/or mod_deflate enabled, you can try if
disabling one or both of them makes any difference.
--
client sent HTTP/1.1
It's definitely a client-side issue, however before your upgrade your
Apache configuration would just accept those broken requests without
error. In particular, IE6/7 are knows for broken HTTP/1.1 handling.
I wonder what changes you applied to your Apache configuration. In
particular, did you use
Also could you trace the Browser(s) used on those failing requests, see
if we have a pattern there ?
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server
* Thierry Carrez thierry.car...@ubuntu.com:
It's definitely a client-side issue, however before your upgrade your
Apache configuration would just accept those broken requests without
error. In particular, IE6/7 are knows for broken HTTP/1.1 handling.
I wonder what changes you applied to your
* Thierry Carrez thierry.car...@ubuntu.com:
Also could you trace the Browser(s) used on those failing requests, see
if we have a pattern there ?
I have no access to the clients.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
You have no access to the client, but you can trace in the server logs
the UserAgent field as sent by the clients.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of
It's definitely a client-side issue, however before your upgrade your
Apache configuration would just accept those broken requests without
error. In particular, IE6/7 are knows for broken HTTP/1.1 handling.
I wonder what changes you applied to your Apache configuration. In
particular, did you use
Also could you trace the Browser(s) used on those failing requests, see
if we have a pattern there ?
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs,
* Thierry Carrez thierry.car...@ubuntu.com:
It's definitely a client-side issue, however before your upgrade your
Apache configuration would just accept those broken requests without
error. In particular, IE6/7 are knows for broken HTTP/1.1 handling.
I wonder what changes you applied to your
* Thierry Carrez thierry.car...@ubuntu.com:
Also could you trace the Browser(s) used on those failing requests, see
if we have a pattern there ?
I have no access to the clients.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
You have no access to the client, but you can trace in the server logs
the UserAgent field as sent by the clients.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of
Ralf,
but the client sends the http request headers with an empty Hostname: header or
did I miss something,
if Hostname header is not set it's http/1.0 ... I wonder if it's a client
problem
Regards,
\sh
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
* Before update: no occurences
* After update: Thousands of occurences
Hmm, and this with the same set of 18.000 users.
I already checked if it's one special type of client, but that is not
the case. I'm seeing this form IE, from Safari, from Windows, from Mac.
It's a regression of some kind.
** Attachment added: Dependencies.txt
http://launchpadlibrarian.net/49654841/Dependencies.txt
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Bugs, which
There were no updates on the 2nd of May, the only changes were on the
30th of April, - the lucid update...
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Ralf,
but the client sends the http request headers with an empty Hostname: header or
did I miss something,
if Hostname header is not set it's http/1.0 ... I wonder if it's a client
problem
Regards,
\sh
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
* Before update: no occurences
* After update: Thousands of occurences
Hmm, and this with the same set of 18.000 users.
I already checked if it's one special type of client, but that is not
the case. I'm seeing this form IE, from Safari, from Windows, from Mac.
It's a regression of some kind.
61 matches
Mail list logo