Summary: | Custom ErrorDocument 400 not working when Host header is missing | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | kannarkk |
Component: | Core | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | masanobu.hatanaka, petr.sumbera, william |
Priority: | P2 | ||
Version: | 2.2.11 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: |
possible patch
httpd trunk patch for bug 48357 |
Description
kannarkk
2009-12-09 03:15:26 UTC
What's the context of your ErrorDocument directive that's being ignored? (e.g. top-level, <virtualhost>, ???) Using telnet hostname 80, if you type: GET HTTP/1.0 HTTP/1.0 you get the custom ErrorDocument 400 as defined in apache2.conf. If you type: GET HTTP/1.1 HTTP/1.1 Host: hostname you get the custom ErrorDocument 400 as defined in apache2.conf If you type: GET HTTP/1.1 HTTP/1.1 without the Host Header you get the Apache default 400 error text and not the custom ErrorDocument. I believe that this is the bug that has been reported. In all cases you should be getting the custom ErrorDocument 400 if one has been defined. Me thinks. Works for me with ErrorDocument at top level. I suspect you have your ErrorDocument in a wrong context. If you want to reopen, please reply to Comment 1. This is still issue. Though not sure what to do about it. When host is not specified: =========================== Then ap_process_http_connection() calls ap_read_request() where it logs following error: "client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): %s" and sets r->status to HTTP_BAD_REQUEST so that later ap_send_error_response() is called which won't do any redirection (instead it will send default error text). When host is specified: ======================= Then ap_process_http_connection() calls ap_process_request() because so far status was OK. But then status is evaluated not be ok and ap_die() is called. Where ap_die() will do custom redirection. Created attachment 29147 [details]
possible patch
Patch attached.
Example:
Apache configuration:
=====================
Add following into global section of Apache configuration file:
ErrorDocument 400 /400.html
Create 400.html file:
echo "<html><body><h1>My error 400.....</h1></body></html>" > /var/apache2/2.2/htdocs/400.html
Behavior without patch:
=======================
root@S11:~# telnet localhost 80
Trying ::1...
Connected to S11.1_15.
Escape character is '^]'.
GET . HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Wed, 01 Aug 2012 11:21:38 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0j DAV/2 PHP/5.2.17
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Behavior with applied patch:
============================
root@S11:~# telnet localhost 80
Trying ::1...
Connected to S11.1_15.
Escape character is '^]'.
GET . HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Wed, 01 Aug 2012 11:24:34 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0j DAV/2 PHP/5.2.17
Last-Modified: Wed, 01 Aug 2012 11:20:45 GMT
ETag: "52f1-35-4c6327c6f4b5b"
Accept-Ranges: bytes
Content-Length: 53
Connection: close
Content-Type: text/html
<html><body><h1>My error 400.....</h1></body></html>
Why is this a practical problem? (Which clients are sending HTTP/1.1 requests without a host header, how will a custom error document help?) I'm attaching an alternate fix which uses ap_die() instead of ap_send_error_response. Created attachment 29423 [details] httpd trunk patch for bug 48357 Change ap_read_request() to use ap_die() for this error. I can confirm that patch from comment #7 works as expected. I'm not aware about any clients which sends HTTP/1.1 requests without a host header. But one of of our customers is demanding on fixing this problem. Maybe it's question of consistency. Or maybe it's related to localization (e.g. to avoid English errors). |