Re: Intermittently the TLS handshake results in plaintext 400 Bad Request response

Hello,

I just wanted to provide a resolution to this problem for future searches etc. So the behaviour we were seeing is totally normal for httpd. If you do an HTTPS request to httpd on a socket that it is listening on, but doesn't have a VirtualHost configured, it will return a plaintext HTTP 400.

We ended up going round the houses on this issue, until we noticed that the problem was that our load balancer (relayd in this case) would 'randomly' increment the IP address that it was directing the request to by 1 (i.e. instead of handshaking with .144 it would handshake with .145), and on some addresses we didn't have a virtual host configured.

So, the long and short of it is: not a bug with httpd; as was predicted by everyone, it's a problem outside of its control and misbehaviour upstream.

The main thing I think that's useful information for other people experiencing something similar is that the logs for this are only available at debug, so we've changed our production httpd configuration to be:

LogLevel warn core:debug

That way we get in the error log:

AH00566: request failed: malformed request line

This provided us with the visibility of the problem that then let us track back exactly what was going on.


Thanks for the input everyone!

Rob

On 29/04/2021 14:36, Rob Emery wrote:

Assuming your site is public facing, give this evaluation a try and see if anything interesting is mentioned.
https://www.ssllabs.com/ssltest/

It is indeed public and I've just run that. Nothing strikes me as weird or unusual about it at all unfortunately:

https://www.ssllabs.com/ssltest/analyze.html?d=services.codeweavers.net

Thanks,
Rob
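
Added example, not part of the original message or of httpd: a check that sends a real TLS ClientHello to each address a load balancer might select and reports any listener that answers in plaintext HTTP, which is the symptom described above. The pool addresses, port and server name are constructed placeholders, and treating a reply that starts with "HTTP/" as the plaintext 400 is an assumption of this sketch.

```python
import socket
import ssl


def client_hello(server_name):
    """Build a real TLS ClientHello in memory, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for the server's reply
    return outgoing.read()


def classify_first_bytes(data):
    """Classify the first bytes a listener sends back after a ClientHello."""
    if not data:
        return "no-response"
    # TLS records start with a content type (0x16 handshake, 0x15 alert)
    # followed by a 0x03 major version byte.
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    # Assumption: a listener with no TLS virtual host answers with an HTTP
    # status line such as "HTTP/1.1 400 Bad Request".
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


def probe(address, port, server_name, timeout=5.0):
    """Send a ClientHello to one address and classify what comes back."""
    hello = client_hello(server_name)
    try:
        with socket.create_connection((address, port), timeout=timeout) as sock:
            sock.sendall(hello)
            return classify_first_bytes(sock.recv(16))
    except OSError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    # Constructed placeholder pool: list every address the balancer could
    # pick, including neighbours of the intended ones.
    POOL = ["192.0.2.144", "192.0.2.145"]
    for addr in POOL:
        print(addr, probe(addr, 443, "www.example.com"))
```

Any address reported as plaintext-http is listening on the TLS port without a TLS virtual host and would produce the AH00566 entry once core:debug logging is enabled.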

