On Oct 1, 2024, at 8:25 PM, Mark Sapiro <m...@msapiro.net> wrote:
External Email On 10/1/24 11:43, Johnson, Bruce E - (bjohnson) wrote: > One of our list moderators got the following website error after trying to > approve a posting to a moderated list: > > > "Bad Request > > Your browser sent a request that this server could not understand. > > Size of a request header field exceeds server limit." > > > Someone else was able to approve the same message after she logged in to the > pending requests page. > > > I could not find any reference to this web server rotor in > /various/log/httpd/error_log or ssl_error_log /var/ > > > Where does Mailman log it’s http errors and what could cause this error? I seriously doubt that this request got to Mailman or even to Django. It looks like the error came from the web server. Can you find the request in other web server logs - maybe some access_log. Mailman may have an access_log and error_log in it's var/logs/ directory (or wherever it keeps its logs. This is Mailman2 so not Django (I think) . The error WAS from the web server, but while her address shows in the access logs, it does not in the error logs. There seems nothing unusual in the access_log or ssl_request_log for her IP address on the date and approximate time. She’s told me it ‘occasionally happens’ but doesn’t seem connected to any thing other than approving a message (but that is the only time she ever interfaces with the Mailman web server) there are the normal access log entries for it, Nothing in the actual https error logs than the usual stuff like "AH00126: Invalid URI in request GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1” kind of script-kiddie-like stuff, mostly from our on-campus Nessus scanning, or CISA scanning for vulnerable hosts, and nothing around the time that she got this error It’s very odd. I’ve requested that she let me know immediately the next time it happens so I can get more accurate timing. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
