[httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

Hi everyone,

I'm running:
Server version: Apache/2.4.57 (Debian)
Server built:   2023-04-13T03:26:51
Server's Module Magic Number: 20120211:127
Server loaded:  APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Compiled using: APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

I've been struggling for almost 2 weeks on this weird issue.
I have multiple vhosts working perfectly in both HTTP and HTTPS with Let's Encrypt.

Yet for one vhost we need to set LimitRequestLine to a higher value. I'm familiar with the procedure and I changed the value in the vhost. Sadly, it didn't work as expected.
After searching everywhere and enabling/disabling securities, modules, etc., I found another conf conflicting with mine.

The ssl.conf vhost placed in conf-enabled is causing trouble. However, its content is not really complicated:

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName publicdomainname.tld
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/apache-httpd.crt"
    SSLCertificateKeyFile "/etc/ssl/private/apache-httpd.key"
</VirtualHost>

My other vhost is as follows:

<VirtualHost *:443>
    ServerName otherdomain.tld
    .../...
    <IfModule mod_ssl.c>
        RequestHeader set X-Forwarded-Proto "https"
    </IfModule>
    .../....
    LimitRequestLine 10240
    .../...
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

When both are enabled, the LimitRequestLine is not considered when reaching https://otherdomain.tld. When I comment out the vhost in ssl.conf, everything works fine.

Is there any "permeability" between vhosts? Is there any precedence that could cause this vhost to be considered as the "master" of some options? Could anyone lead me to what I am doing wrong?

Sorry if I'm not clear, any question and/or feedback would be appreciated.

Regards,

Florent THOMAS
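
A check for the behaviour asked about above, added here as an example and not part of the original post: the Apache documentation for LimitRequestLine warns that with name-based virtual hosting the value is taken from the default (first-listed) virtual host for the IP address and port. The function names and the sample (the two vhosts from the post, trimmed, with ssl.conf assumed to load first) are constructed for illustration.

```python
import re

# Constructed sample: the two vhosts from the post, trimmed, in the order
# Apache is assumed to read them (ssl.conf first).
SAMPLE = """
<VirtualHost *:443>
    ServerName publicdomainname.tld
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName otherdomain.tld
    # LimitRequestLine 4096   (commented out, must be ignored)
    LimitRequestLine 10240
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def parse_vhosts(conf):
    """Yield one record per (vhost, address) pair, in configuration order."""
    for addrs, body in VHOST_RE.findall(conf):
        body = re.sub(r"^[ \t]*#.*$", "", body, flags=re.M)  # drop comments
        for addr in addrs.split():
            yield {"addr": addr,
                   "name": directive(body, "ServerName"),
                   "limit": directive(body, "LimitRequestLine")}

def shadowed_limits(conf):
    """List LimitRequestLine settings in vhosts that are not first for their
    address:port and differ from the first vhost's value (None = inherited)."""
    first, findings = {}, []
    for vh in parse_vhosts(conf):
        default = first.setdefault(vh["addr"], vh)
        if vh is not default and vh["limit"] not in (None, default["limit"]):
            findings.append((vh["name"], vh["limit"],
                             default["name"], default["limit"]))
    return findings

if __name__ == "__main__":
    for name, limit, dname, dlimit in shadowed_limits(SAMPLE):
        print(f"{name}: LimitRequestLine {limit} is shadowed by default "
              f"vhost {dname} (LimitRequestLine {dlimit or 'inherited'})")
```

A finding means the higher limit has to be set in the first-listed vhost for that address and port (or in the global server configuration) to take effect.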
