Thanks for the response Stefan. Much appreciated. The following results are from a vhost with the following configuration; just the default vhost on a named virtual host system. This is in the main server configuration and is REQUIRED by the e-commerce folks (PCIA) to get a clean scan report ;-( --------------------------------- Header always append X-Frame-Options SAMEORIGIN --------------------------------- This is the first, therefore default, named virtual host entry. It is just our test server so it has a plain vanilla configuration. -------------------------------- # Allow access to the directory where we store the pages <Directory /httpd > Options FollowSymLinks Require all granted </Directory> # Default host (www.iliffe.ca) # This one picks up all IP based hacker garbage too <VirtualHost *:80> ServerName www.iliffe.ca DocumentRoot /httpd/iliffe Options FollowSymLinks H2Direct on </VirtualHost> ---------------------------------- All the following were taken with: ----------------------------------- curl --http2 -I http://192.168.1.6 ----------------------------------- In all cases the "H2SerializeHeaders on" directive is commented out. First try, mod_http2 is active and the connect changes to http2. Note that date is wrong and etag value is preceded by 'W/' ---------------------------------- HTTP/1.1 101 Switching Protocols Upgrade: h2c Connection: Upgrade HTTP/2 200 date: Sun, 00 Jan 1900 00:00:00 GMT <----- server: Apache x-frame-options: SAMEORIGIN last-modified: Mon, 03 Apr 2017 19:10:31 GMT etag: W/"38a-54c47e9be9bda" accept-ranges: bytes content-length: 906 content-type: text/html ------------------------------------ Following taken with mod_http2 commented out and "H2Direct on" directive in all virtual hosts commented out (O/W it is a syntax error). Note that the date is correct. ------------------------------------ HTTP/1.1 200 OK Date: Sun, 09 Apr 2017 17:35:03 GMT <---- Server: Apache X-Frame-Options: SAMEORIGIN Last-Modified: Mon, 03 Apr 2017 19:10:31 GMT ETag: "38a-54c47e9be9bda" Accept-Ranges: bytes Content-Length: 906 Content-Type: text/html --------------------------------------- Now I uncomment mod_http2, "H2Direct on" and "H2SerializeHeaders on" Note that the date is now correct again. ------------------------------------------ HTTP/1.1 101 Switching Protocols Upgrade: h2c Connection: Upgrade HTTP/2 200 date: Sun, 09 Apr 2017 17:42:49 GMT <---- server: Apache x-frame-options: SAMEORIGIN last-modified: Mon, 03 Apr 2017 19:10:31 GMT etag: "38a-54c47e9be9bda" accept-ranges: bytes content-length: 906 content-type: text/html ---------------------------------------- Hope that helps! John ======================================== On Saturday 08 April 2017 03:37:25 Stefan Eissing wrote: > Hmm, interesting. I left H2SerializeHeaders in just for the case someone > runs into incompatibilities with the standard mod_http2 method. I almost > was about to rip it our since, until now, no one reported any > differences. > > I'd like to understand what is going on in your system and causing this > difference. I would guess that some module inserts a filter into request > processing that mod_http2 has trouble working with. > > For example, where is that X-Frame-Options coming from? Do you > have just "standard" modules enabled? Would you mind reducing your > config for a vhost to the minimal set that still causes the problems and > share that? > > Thanks! > > -Stefan > > > Am 07.04.2017 um 17:28 schrieb John Iliffe <john.iliffe@xxxxxxxxx>: > > > > On Friday 07 April 2017 03:53:55 Konstantin Kolinko wrote: > >> 2017-04-07 7:19 GMT+03:00 John Iliffe <john.iliffe@xxxxxxxxx>: > >>> I just enabled http2 on our server and tested using curl. The test > >>> page is a static html page with nothing but some random characters > >>> on it, and no css or other secondary accesses. > >>> > >>> The protocol line is set to allow http2 > >>> Protocols h2 h2c http/1.1 > >>> > >>> Everything seems to work with the exception of the date. The first > >>> file following is the result of a curl head request BEFORE > >>> activating mod_http2 and the second one is after doing so. No > >>> other change to the httpd.conf file. > >>> > >>> ---------------------without http2 being > >>> available---------------------- curl --http2 -I > >>> http://192.168.1.6:/yrarc/yrex0001.html > >>> HTTP/1.1 200 OK > >>> Date: Fri, 07 Apr 2017 03:42:12 GMT <----- > >>> Server: Apache > >>> X-Frame-Options: SAMEORIGIN > >>> Last-Modified: Sun, 26 Mar 2017 03:12:45 GMT > >>> ETag: "c14-54b9999bf581b" > >>> Accept-Ranges: bytes > >>> Content-Length: 3092 > >>> Content-Type: text/html > >>> > >>> > >>> -------------------with mod_http2 > >>> enabled------------------------------ curl --http2 -I > >>> http://192.168.1.6:/yrarc/yrex0001.html > >>> HTTP/1.1 101 Switching Protocols > >>> Upgrade: h2c > >>> Connection: Upgrade > >>> > >>> HTTP/2 200 > >>> date: Sun, 00 Jan 1900 00:00:00 GMT <----- > >>> server: Apache > >>> x-frame-options: SAMEORIGIN > >>> last-modified: Sun, 26 Mar 2017 03:12:45 GMT > >>> etag: W/"c14-54b9999bf581b" > >>> accept-ranges: bytes > >>> content-length: 3092 > >>> content-type: text/html > >>> > >>> Does anyone know why the date (arrowed) should be wrong and if it > >>> would make any difference in the server operation? Or maybe what am > >>> I missing? > >> > >> 1. What is exact version of your server? > > > > apache-2.4.25 compiled from source running on Fedora 25 > > > >> 2. If you say that "No other change to the httpd.conf file", what > >> caused the difference in ETag value? > > > > Don't know, the "W/" bit occurs only when the http2 protocol is > > active. > > > > The only change I made was to uncomment the line: > > > > LoadModule http2_module modules/mod_http2.so > > > > the Protocol line was already present, but as noted in the docs > > ignores protocols that are not available. > > > >> 3. Overall, this is strange. > >> If you do an HTTP/1.1 request (using curl without "--http2" flag), > >> does it respond with a correct Date header? > > > > Yes. > > > > curl -I http://192.168.1.6:/yrarc/yrex0001.html > > HTTP/1.1 200 OK > > Date: Fri, 07 Apr 2017 15:07:47 GMT <-------- > > Server: Apache > > X-Frame-Options: SAMEORIGIN > > Upgrade: h2,h2c > > Connection: Upgrade > > Last-Modified: Sun, 26 Mar 2017 03:12:45 GMT > > ETag: "c14-54b9999bf581b" > > Accept-Ranges: bytes > > Content-Length: 3092 > > Content-Type: text/html > > > >> 4. I wonder, whether the behaviour is affected by H2SerializeHeaders > >> directive. > >> http://httpd.apache.org/docs/2.4/mod/mod_http2.html#h2serializeheader > >> s > > > > Bingo! > > > > The H2SerializeHeaders directive is not present so it is taking the > > default of off. I added it with the following result: > > > > curl --http2 -I http://192.168.1.6:/yrarc/yrex0001.html > > HTTP/1.1 101 Switching Protocols > > Upgrade: h2c > > Connection: Upgrade > > > > HTTP/2 200 > > date: Fri, 07 Apr 2017 15:16:38 GMT <------ > > server: Apache > > x-frame-options: SAMEORIGIN > > last-modified: Sun, 26 Mar 2017 03:12:45 GMT > > etag: "c14-54b9999bf581b" > > accept-ranges: bytes > > content-length: 3092 > > content-type: text/html > > > > > > So, what is this dated used for and does an incorrect date affect > > anything? The docs sort of imply that it should be off unless > > something breaks. > > > >> Best regards, > >> Konstantin Kolinko > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|