On 4/20/21 8:54 AM, Daniel Ferradal wrote:
That's the key then, you are probably reverse proxying somewhere and the 500 errors comes from there and not from Apache. Apache always logs HTTP 500 status code in error log. Even more, the headers you pasted have no Server: Apache and there are many other headers that tell us you are not dealing with simple static content but a dynamic content generator of some sort. It pays off to double check where those requests are being routed to.
We're using cloudflare, but the issues seem to persist even when disabling their cache. Perhaps it's still being proxied, even though it's not being cached, and causing these errors?
Would it explain why the same page doesn't always produce the error, or why not all pages produce a 500 error?
Thanks, Dave
El mar, 20 abr 2021 a las 14:49, Dave Wreski (<dwreski@xxxxxxxxxxxxxxxxxxx.invalid>) escribió:If the error comes from apache itself you should have an error log entry, what does it say?I don't have any error log entries, only the 500 error response in the access log. 72.70.38.104 - - [19/Apr/2021:21:38:56 -0400] "GET /advisories/debian/debian-dsa-2944-1-gnutls26-security-update HTTP/1.1" 500 12704 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" 2/2408334 915/21235/12704 Thanks, DaveEl mar., 20 abr. 2021 4:03, Dave Wreski <dwreski@xxxxxxxxxxxxxxxxxxx.invalid> escribió: Hi, I have an apache-2.4.46 system on fedora33 and having weird 500 errors that I can't explain. 72.70.38.104 - - [19/Apr/2021:21:38:56 -0400] "GET /advisories/debian/debian-dsa-2944-1-gnutls26-security-update HTTP/1.1" 500 12704 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm <http://www.bing.com/bingbot.htm>)" 2/2408334 915/21235/12704 Going to this page directly loads the page just fine. I've also just started to notice the following entries in /var/log/httpd/modsec_audit.log: --47be4126-F-- HTTP/1.1 500 Internal Server Error X-LiteSpeed-Purge: * Cache-Control: no-cache Pragma: no-cache Set-Cookie: 5eae87e0f12142efcb88fb03b93e82b2=qil7ieh6m1tcnrj8dn0vkfc4s5; path=/; secure; HttpOnly Set-Cookie: ct_timestamp=1618882240; path=/ Set-Cookie: ct_prev_referer=https%3A%2F%2Flinuxsecurity.com%2Fcontact-us; path=/ Set-Cookie: ct_cookies_test=%7B%22cookies_names%22%3A%5B%22ct_timestamp%22%2C%22ct_prev_referer%22%5D%2C%22check_value%22%3A%22d4c4a7a2546fbe6 12cba4c38dc2c8949%22%7D; path=/ Strict-Transport-Security: max-age=15768000 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Vary: User-Agent Cache-Control: public Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 What does this mean? Is this just reporting the error or something related to mod_sec causing the error? Thanks, Dave --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx <mailto:users-help@xxxxxxxxxxxxxxxx>--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|