RE: Apache failing on invalid header. Is there a way to allow apache to proceed?

Nick,

Thanks for the quick response.  That's what I was afraid of.  This is a
mobile phone submitting the request.  It's definitely supposed to be an
HTTP request, it's just this particular phone has a bug.

What about why Apache is only failing on the POST request?  Is there a
difference in the way Apache processes GET and POST requests?

I'm using Apache v2.2.4.  I've found the location in server/protocol.c
where it's returning a bad request with the error message (line 766).
Is this code hit on the GET request too?  If so shouldn't I see this
badly formed header fail?

So I'm stuck making a custom modification here to allow this badly
formed request to proceed?

Thanks,
Chris

-----Original Message-----
From: Nick Kew [mailto:nick@xxxxxxxxxxxx] 
Sent: Friday, December 21, 2007 10:25 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Apache failing on invalid header. Is there a
way to allow apache to proceed?

On Fri, 21 Dec 2007 11:18:44 -0500
"Brown Chris-CCB034" <Christopher.Brown@xxxxxxxxxxxx> wrote:

> I'm seeing a request come in with a bad http header.

Are you sure it's supposed to be HTTP?
As opposed to, for example, HTTP encapsulated in something?


> Apache is failing on the P.. header because it doesn't contain the 
> required ":" format.

That's clearly not HTTP.

> What options do
> I have within Apache to allow this bad request to proceed?  Is there
> a way to turn off Apache's strict header checking?  Or am I looking at
> making a custom modification to the Apache source code for this
> specific case?

That'll need source hacking.  If we allow malformed requests like that,
we open up a whole new playground to the script kiddies.

--
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
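
The strict header check discussed in this thread, as an added example that is not part of the original messages and is not Apache's code: a validator that answers 400 as soon as a header line lacks the "name:" form. It goes slightly beyond the missing-colon case by also requiring the field name to be an RFC 7230 token; the function names and the sample header lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 7230 "tchar": the characters allowed in a header field name. */
static int is_tchar(unsigned char c)
{
    return isalnum(c) || (c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/* 1 if the line is field-name ":" value, with a non-empty token name that
 * runs right up to the colon; 0 otherwise. "Host : x" is rejected too. */
int header_line_ok(const char *line)
{
    const char *colon = strchr(line, ':');
    if (colon == NULL || colon == line)
        return 0;                      /* no separator, or empty name */
    for (const char *p = line; p < colon; p++)
        if (!is_tchar((unsigned char)*p))
            return 0;                  /* space, control char, etc. in name */
    return 1;
}

/* Returns 200 if every line parses, 400 at the first malformed one.
 * On 400, *bad (if non-NULL) receives the index of the offending line. */
int check_headers(const char *const *lines, size_t n, size_t *bad)
{
    for (size_t i = 0; i < n; i++) {
        if (!header_line_ok(lines[i])) {
            if (bad != NULL)
                *bad = i;
            return 400;
        }
    }
    return 200;
}

int main(void)
{
    /* Constructed sample headers; the third one has no ':' separator. */
    const char *const hdrs[] = {
        "Host: example.test",
        "Content-Length: 12",
        "X-Constructed-Broken no-colon-here",
    };
    size_t bad = 0;
    int status = check_headers(hdrs, 3, &bad);
    printf("status=%d\n", status);
    if (status == 400)
        printf("rejected line %zu: \"%s\"\n", bad + 1, hdrs[bad]);
    return 0;
}
```

Rejecting the whole request at the first malformed line, rather than skipping that line, keeps every component that later reads the headers working from the same parsed set.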

