Fixed in development release, targeting to lucid as well.
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
** Also affects: apache2 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu Lucid)
Importance: Undecided = High
--
Status of Impact: Lucid was shipped with a bug in apache that will have
hundreds of client sent HTTP/1.1 request without a hostname. This has
been fixed in apache 2.2.16 and have been backported to lucid.
How to reproduce:
1. Install apache with mod_ssl.
2. Watch your logs fill up with the
** Patch added: apache.debdiff
http://launchpadlibrarian.net/53182798/apache.debdiff
** Summary changed:
- client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
+ [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section
14.23)
--
[SRU] client sent
Yes it should not be marked as fixed.
** Changed in: apache2 (Ubuntu)
Status: Fix Released = In Progress
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of
Just to chime in, this is affecting my 10.04 LTS nodes talking to my
recently upgraded 10.04 LTS puppet master. Puppet sits behind Apache
with mod_proxy_balancer and mod_ssl. I disabled reqtimeout and have yet
to see this re-appear.
--
client sent HTTP/1.1 request without hostname (see RFC2616
2.2.16-1ubuntu1 is not in lucid
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs
This bug was fixed in the package apache2 - 2.2.16-1ubuntu1
---
apache2 (2.2.16-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add
Looks like that apache/mod_ssl fix is only in the httpd trunk, doesnt
seem like it's made it into the 2.2 branch even though the fix is 2 yrs
old. What's the plan for putting into the Ubuntu's apache distro?
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
It's scheduled (apache) to backport this fix to 2.2.x branch
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?revision=979087view=markup
Quick fix is to uninstall optimized libc library libc6-i686.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
I think Jiří found the source of the problem, but it is a mod_ssl bug
after all. Reassigning to apache2.
This would be https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
** Bug watch added: Apache Software Foundation Bugzilla #45444
* Stefan Fritsch s...@sfritsch.de:
But the bug disappears if I do
mv /lib/i686 /lib/disabled_i686
I will try to reproduce this here
There was a bug recently in Debian related to some gcc versions creating
wrong code for SSE4. Maybe that is the problem here, too.
What CPUs do you
* Stefan Fritsch s...@sfritsch.de:
This is a rather strange bug:
- It happens if I enable exactly two out of the three modules deflate,
reqtimeout, dump_io. But not with only one or all three of them.
- I have also tried replacing mod_ssl.so, mod_deflate.so, and the
openssl-libs with the
mod_reqtimeout could be a reason, since it has been activated according
to apt-listchanges:
apache2 (2.2.15-1) unstable; urgency=low
* This release adds and enables mod_reqtimeout, which limits the time
Apache waits for a client to send a complete request. This helps to
mitigate against
* Stefan Fritsch s...@sfritsch.de:
I suspect this is the same issue as bug #595855 and #595116: Headers are
getting truncated with https. So far, I have no idea about the reason.
If you have mod_reqtimeout and/or mod_deflate enabled, you can try if
disabling one or both of them makes any
This is a rather strange bug:
- It happens if I enable exactly two out of the three modules deflate,
reqtimeout, dump_io. But not with only one or all three of them.
- I have also tried replacing mod_ssl.so, mod_deflate.so, and the openssl-libs
with the versions from karmic and mod_ssl.so with
Actually, I have reproduced bug #595116 and not this one, but I still
think it's the same.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server Team, which
Any news on this subject? I'm experiencing the same issue since the
upgrade on ubuntu 10.04.
I have seen Bad Request-error pages in Safari 4 and 5 and in the
error-log I get client sent HTTP/1.1 request without hostname errors
for the corresponding requests.
It is however not reproducible, after
I suspect this is the same issue as bug #595855 and #595116: Headers are
getting truncated with https. So far, I have no idea about the reason.
If you have mod_reqtimeout and/or mod_deflate enabled, you can try if
disabling one or both of them makes any difference.
--
client sent HTTP/1.1
It's definitely a client-side issue, however before your upgrade your
Apache configuration would just accept those broken requests without
error. In particular, IE6/7 are knows for broken HTTP/1.1 handling.
I wonder what changes you applied to your Apache configuration. In
particular, did you use
Also could you trace the Browser(s) used on those failing requests, see
if we have a pattern there ?
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server
* Thierry Carrez thierry.car...@ubuntu.com:
It's definitely a client-side issue, however before your upgrade your
Apache configuration would just accept those broken requests without
error. In particular, IE6/7 are knows for broken HTTP/1.1 handling.
I wonder what changes you applied to your
* Thierry Carrez thierry.car...@ubuntu.com:
Also could you trace the Browser(s) used on those failing requests, see
if we have a pattern there ?
I have no access to the clients.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
You have no access to the client, but you can trace in the server logs
the UserAgent field as sent by the clients.
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of
Ralf,
but the client sends the http request headers with an empty Hostname: header or
did I miss something,
if Hostname header is not set it's http/1.0 ... I wonder if it's a client
problem
Regards,
\sh
--
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
* Before update: no occurences
* After update: Thousands of occurences
Hmm, and this with the same set of 18.000 users.
I already checked if it's one special type of client, but that is not
the case. I'm seeing this form IE, from Safari, from Windows, from Mac.
It's a regression of some kind.
25 matches
Mail list logo