Re: strange connections to apache2 port 443

Wed, 31 Aug 2005 01:48:01 -0700 

Tom Henderson wrote:

Hi,

I hope that I describe my problem to the right mailinglist and that
someone can give me the hint I need.

I´m running a SuSE Linux 9.0 with Apache2 2.0.53 ( installed via rpm
from ftp.suse.com ) with mod_ssl. The startup parameter for the apache
is "-D SSL".

But here comes my problem ... I´m also running an iptables firewall and
I notice a strange behaviour on my system but only when I start apache
with "-D SSL". When I run apache only with http there are no strange
connection attempts in the firewall logs.

To be more precise, my firewall logs show entries of connection attampts
from my localhost to my localhost via interface lo ( not eth0 ) from
some increacing port to port 443.

Fact is that this connections only appear when I start the apache with
"-D SSL" and I can also comment out all the virtual hosts for port 443
but that does not matter, only when I start the apache without SSL the
connections disappear.
The strange thing is that in the firewall logs there are syn, ack ...
flags but I can not find any apache2-logfile entry for one of this
connections.

Does that sound familiar to somebody?
Is there a configuration withtin the apache2 to probe the ssl aware
apache?



Hi Tom,
this is exactly what I recognized. When Apache 2.0.54 runs on RHEL AS 3 using SSL, it opens TCP connections to itself on a regular schedule.
The connections to port 443/tcp are opened by the apache parent process running as root. No information is exchanged. The TCP connection is just opened and immediately closed (FIN sent by the "client"). This was seen by iptabling 443/tcp on interface lo and watching which process had connections in the SYN_SENT state.
The error_log with "LogLevel debug" shows lots of SSL handshake errors even when no browser causes a SSL handshake error. 

Here's how apache was built:

# 22.08.05
# httpd-2.0.54
#
CFLAGS="-I/usr/kerberos/include" \
./configure \
--prefix=/opt/apache \
--sysconfdir=/etc/httpd/conf \
--enable-ssl \
--enable-mods-shared=all \
--enable-proxy \
--enable-proxy-http \
--enable-dumpio

Best regards,
Bernie
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to