Re: [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The hostname, normally in the Host header, is not read until after the request line. So it cannot be effectively set in name based vhosts.

The manual already warns about it

On Sun, Jan 21, 2024, 9:26 AM Florent Thomas <florent.thomas@xxxxxxxxxxxxxxx.invalid> wrote:
Hi everyone,

I'm running :
Server version: Apache/2.4.57 (Debian)
Server built:   2023-04-13T03:26:51
Server's Module Magic Number: 20120211:127
Server loaded:  APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Compiled using: APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

I've been struggling for almost 2 weeks on this weird issue.
I have multiple vhosts working perfectly either in http and httpS with let's encrypt.

Yet for one vhost we need to set limitrequestline to a higher value. I'm familiar with the procedure and I changed the value in the vhost. Sadly it didn't worked as expected.
After searching in any place, enabling/disabling securities, modules etc... I found another conf conflicting with mine.

The ssl.conf vhost placed in conf-enabled is causing troubles. However its content is not really complicated :

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName publicdomainname.tld
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/apache-httpd.crt"
    SSLCertificateKeyFile "/etc/ssl/private/apache-httpd.key"
</VirtualHost>

My other vhost is as follows :

<VirtualHost *:443>
    ServerName otherdomain.tld
    .../...
    <IfModule mod_ssl.c>
    RequestHeader set X-Forwarded-Proto "https"
    </IfModule>
   .../....
    LimitRequestLine 10240
.../...   
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

When both are enabled, the LimitRequestLine is not considered when reaching htps://otherdomain.tld . When I comment the Vhost in ssl.conf everything works fine.

Is there any "permeability" between vhosts ? is there any precedence that could cause this vhost to be considered as the "master" of some options? Could anyone lead me to wha I am doing wrong?

Sorry if I'm not clear, any question and/or feedback would be appreciated.

Regards,

Florent THOMAS
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux