100% cpu with double slash in beginning of URI (Linux64)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi.

I am currently investigating a misbehaving apache httpd 2.2.21 with apr
1.4.5 on linux 64-bit.

I have a virtual domain defined as (it runs behind a 1-on-1 nat, hence
the rfc 1918 address) :

<VirtualHost 192.168.3.2:80>
  ServerName sub.domain.tld
  ServerAdmin webmaster@xxxxxxxxxxxxxx
  ServerAlias www.sub.domain.tld
  ServerPath /var/www/customer/sub.domain.tld
  DocumentRoot /var/www/customer/sub.domain.tld/html
  ErrorLog /var/www/customer/sub.domain.tld/log/error_log
  CustomLog /var/www/customer/sub.domain.tld/log/access_log combined
  php_value include_path /var/www/customer/sub.domain.tld/inc:.
</VirtualHost>h


<Directory "/var/www/customer/sub.domain.tld/html">
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>


That domain runs a custom php-application (originally believed to be the
culprint) on php 5.3.8.

Inside the document root there is a .htaccess file with the following
one line of content:

ErrorDocument 404 /404.php

During test I found out, that even a plain html-file has the same
problem (i.e. ErrorDocument 404 /404.html ), so currently I think I am
ruling out PHP even tough it is easier to hit with a php script (or
maybe there are two different issues).

To the problem:

** if anyone visits http://sub.domain.tld// (note double slash at end)
the server goes 100% cpu and seemingly never recovers until a apachectl
restart has been issued. **

If it is php the doubleslash only has to appear anywhere in the URI
(with a plain html it seems it needs to be in front).

There is absolutely nothing in the log files (neither for the domain
itself nor the overall apache ones in /var/log/ nor the general syslogs)

I have tried to triage it (including googling it) for days, but the only
thing I find are some messages from 2004 that seemingly describes a
different problem (and of course thousands of messages of how to get rid
of double slashes from a badly written CMS).

My big problem is even bigger as seemingly some crawler bots for search
engines starts their requests with a double slash.. and as they are
firing of multiple request at once, they practically kills the server.

I hope someone has some ideas, and I will be willing to run any
reasonable test (it is a production server tough)

Thanks in advance

Svenne

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux