On Mon, Jul 16, 2018 at 4:53 PM, James Moe <[email protected]> wrote:
> > After the upgrade from v2.4.23 to v2.4.33, https requests yield error > 403: > Access forbidden! > You don't have permission to access the requested directory. There is > either no index document or the directory is read-protected. > Likely answered elsewhere. > http requests yield eroor 400: > Bad request! > Your browser (or proxy) sent a request that this server could not > understand. > That is straightforward, your *client*, not httpd, has been sending bad requests. Those might have CR or LF line endings, but failed to send both CR+LF as required by the spec. It might be sending a badly formatted request line, or invalid request header lines. LogLevel debug here would be your friend, or you can use wireshark to look at a request. 'HttpProtocolOptions unsafe' config option can allow some of this very unwise traffic to pass, but fixing the client is the correct solution.
