Re: Re: Broken includes and cgis with Apache 2.4 update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Aug 5, 2013 at 5:56 PM, LuKreme <kremels@xxxxxxxxx> wrote:

On 05 Aug 2013, at 15:01 , Jeff Trawick <trawick@xxxxxxxxx> wrote:

> what's in the error log (with LogLevel debug) when you request the resource that doesn't get the proper include processing?

[Mon Aug 05 15:37:46.560372 2013] [include:warn] [pid 89737] [client 23.24.150.141:59141] AH01374: mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed: /index.shtml

Wow...

Temporarily add a new line "Garbage In Out" in httpd.conf right after

Options +Indexes +FollowSymLinks +Includes -SymLinksIfOwnerMatch

and see what "apachectl -t" says?  (If it says OK, that Options +Includes isn't getting activated.)

Temporarily add "Garbage In Out" to .htaccess and make the request again.  If you don't get a 500 error (I think that's what you get for a bad .htaccess), that file isn't getting read.

Let us know what happens...


setting LogLevel trace4:

[Mon Aug 05 15:47:57.906489 2013] [http:trace4] [pid 89772] http_request.c(301): [client x.y.z.q:59435] Headers received from client:
[Mon Aug 05 15:47:57.906545 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Host: www.example.com
[Mon Aug 05 15:47:57.906557 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   DNT: 1
[Mon Aug 05 15:47:57.906567 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Connection: keep-alive
[Mon Aug 05 15:47:57.906575 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Mon Aug 05 15:47:57.906584 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.51.3 (KHTML, like Gecko) Version/7.0 Safari/537.51.3
[Mon Aug 05 15:47:57.906593 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept-Language: en-us
[Mon Aug 05 15:47:57.906603 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept-Encoding: gzip, deflate
[Mon Aug 05 15:47:57.906612 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Cache-Control: max-age=0
[Mon Aug 05 15:47:57.906680 2013] [authz_core:debug] [pid 89772] mod_authz_core.c(802): [client x.y.z.q:59435] AH01626: authorization result of Require all granted: granted
[Mon Aug 05 15:47:57.906693 2013] [authz_core:debug] [pid 89772] mod_authz_core.c(802): [client x.y.z.q:59435] AH01626: authorization result of <RequireAny>: granted
[Mon Aug 05 15:47:57.906703 2013] [core:trace3] [pid 89772] request.c(238): [client x.y.z.q:59435] request authorized without authentication by access_checker_ex hook: /
[Mon Aug 05 15:47:57.906940 2013] [include:warn] [pid 89772] [client x.y.z.q:59435] AH01374: mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed: /index.shtml
[Mon Aug 05 15:47:57.906965 2013] [http:trace3] [pid 89772] http_filters.c(963): [client x.y.z.q:59435] Response sent with status 200, headers:
[Mon Aug 05 15:47:57.906978 2013] [http:trace4] [pid 89772] http_filters.c(806): [client x.y.z.q:59435]   Last-Modified: Sun, 04 Aug 2013 03:04:14 GMT
[Mon Aug 05 15:47:57.906984 2013] [http:trace4] [pid 89772] http_filters.c(806): [client x.y.z.q:59435]   Accept-Ranges: bytes
[Mon Aug 05 15:47:57.906989 2013] [http:trace4] [pid 89772] http_filters.c(806): [client x.y.z.q:59435]   Content-Length: 2682
[Mon Aug 05 15:47:57.906994 2013] [http:trace4] [pid 89772] http_filters.c(806): [client x.y.z.q:59435]   Keep-Alive: timeout=5, max=100
[Mon Aug 05 15:47:57.907000 2013] [http:trace4] [pid 89772] http_filters.c(806): [client x.y.z.q:59435]   Connection: Keep-Alive
[Mon Aug 05 15:47:57.907005 2013] [http:trace4] [pid 89772] http_filters.c(806): [client x.y.z.q:59435]   Content-Type: text/html
[Mon Aug 05 15:47:57.979837 2013] [http:trace4] [pid 89773] http_request.c(301): [client x.y.z.q:59436] Headers received from client:, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979863 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Hos[Mon Aug 05 15:47:57.979869 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Accept-Language: en-us, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979875 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Accept-Encoding: gzip, deflate, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979881 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Connection: keep-alive, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979887 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   If-None-Match: \\"7d7-39dbdf7dd7ec0\\", referer: http://www.example.com/
[Mon Aug 05 15:47:57.979892 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Accept: text/css,*/*;q=0.1, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979897 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   If-Modified-Since: Wed, 03 Apr 2002 20:02:43 GMT, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979902 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.51.3 (KHTML, like Gecko) Version/7.0 Safari/537.51.3, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979908 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Referer: http://www.example.com/, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979913 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   Cache-Control: max-age=0, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979918 2013] [http:trace4] [pid 89773] http_request.c(305): [client x.y.z.q:59436]   DNT: 1, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979960 2013] [authz_core:debug] [pid 89773] mod_authz_core.c(802): [client x.y.z.q:59436] AH01626: authorization result of Require all granted: granted, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979967 2013] [authz_core:debug] [pid 89773] mod_authz_core.c(802): [client x.y.z.q:59436] AH01626: authorization result of <RequireAny>: granted, referer: http://www.example.com/
[Mon Aug 05 15:47:57.979974 2013] [core:trace3] [pid 89773] request.c(238): [client x.y.z.q:59436] request authorized without authentication by access_checker_ex hook: /bi.css, referer: http://www.example.com/
[Mon Aug 05 15:47:57.980135 2013] [http:trace3] [pid 89773] http_filters.c(963): [client x.y.z.q:59436] Response sent with status 304, headers:, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106847 2013] [http:trace4] [pid 89772] http_request.c(301): [client x.y.z.q:59435] Headers received from client:, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106879 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Host: www.example.com, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106891 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept-Language: en-us, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106900 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept-Encoding: gzip, deflate, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106908 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Connection: keep-alive, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106917 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   If-None-Match: \\"d9fb-39cec692e7840\\", referer: http://www.example.com/
[Mon Aug 05 15:47:58.106929 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept: */*, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106938 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   If-Modified-Since: Sun, 24 Mar 2002 10:02:01 GMT, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106946 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.51.3 (KHTML, like Gecko) Version/7.0 Safari/537.51.3, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106955 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Referer: http://www.example.com/, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106963 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Cache-Control: max-age=0, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106971 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   DNT: 1, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107024 2013] [authz_core:debug] [pid 89772] mod_authz_core.c(802): [client x.y.z.q:59435] AH01626: authorization result of Require all granted: granted, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107031 2013] [authz_core:debug] [pid 89772] mod_authz_core.c(802): [client x.y.z.q:59435] AH01626: authorization result of <RequireAny>: granted, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107037 2013] [core:trace3] [pid 89772] request.c(238): [client x.y.z.q:59435] request authorized without authentication by access_checker_ex hook: /images/lindo.jpg, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106879 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Host: www.example.com, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106891 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept-Language: en-us, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106900 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept-Encoding: gzip, deflate, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106908 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Connection: keep-alive, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106917 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   If-None-Match: \\"d9fb-39cec692e7840\\", referer: http://www.example.com/
[Mon Aug 05 15:47:58.106929 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Accept: */*, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106938 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   If-Modified-Since: Sun, 24 Mar 2002 10:02:01 GMT, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106946 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.51.3 (KHTML, like Gecko) Version/7.0 Safari/537.51.3, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106955 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Referer: http://www.example.com/, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106963 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   Cache-Control: max-age=0, referer: http://www.example.com/
[Mon Aug 05 15:47:58.106971 2013] [http:trace4] [pid 89772] http_request.c(305): [client x.y.z.q:59435]   DNT: 1, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107024 2013] [authz_core:debug] [pid 89772] mod_authz_core.c(802): [client x.y.z.q:59435] AH01626: authorization result of Require all granted: granted, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107031 2013] [authz_core:debug] [pid 89772] mod_authz_core.c(802): [client x.y.z.q:59435] AH01626: authorization result of <RequireAny>: granted, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107037 2013] [core:trace3] [pid 89772] request.c(238): [client x.y.z.q:59435] request authorized without authentication by access_checker_ex hook: /images/lindo.jpg, referer: http://www.example.com/
[Mon Aug 05 15:47:58.107153 2013] [http:trace3] [pid 89772] http_filters.c(963): [client x.y.z.q:59435] Response sent with status 304, headers:, referer: http://www.example.com/


> can you diff your entire 2.2 configuration with your 2.4 configuration (httpd.conf + any included files)?

Not in any useful way. Enough little things changed in the logs that most lines are different. Also, my 22 conf was stripped of comments.

> did you have Action somewhere in your 2.2 config which used those mime types associated with CGIs?

Um... The only line referring to ".pl" in the old conf is

AddIcon /icons/p.gif .pl .py


> why are there slashes after .cgi and .pl?

Because that's how the file was written in April of 2002.

--
The only good thing ever to come out of religion was the music.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Born in Roswell... married an alien...
http://emptyhammock.com/
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux