Bug 48357 - Custom ErrorDocument 400 not working when Host header is missing
Summary: Custom ErrorDocument 400 not working when Host header is missing
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.2.11
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-09 03:15 UTC by kannarkk
Modified: 2012-10-01 14:24 UTC (History)
3 users (show)



Attachments
possible patch (1.58 KB, patch)
2012-08-01 11:42 UTC, Petr Sumbera
Details | Diff
httpd trunk patch for bug 48357 (1.49 KB, patch)
2012-09-26 17:20 UTC, Jeff Trawick
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description kannarkk 2009-12-09 03:15:26 UTC
Custom ErrorDocument 400 is not working when the Host header is missing in the request. Default ErrorDocument 400 is sent as a response when Host header is missing, even though custom ErrorDocument 400 is defined.
Comment 1 Nick Kew 2009-12-20 17:15:43 UTC
What's the context of your ErrorDocument directive that's being ignored?
(e.g. top-level, <virtualhost>,  ???)
Comment 2 AH 2010-06-15 08:34:47 UTC
Using telnet hostname 80, if you type:

GET HTTP/1.0 HTTP/1.0

you get the custom ErrorDocument 400 as defined in apache2.conf.

If you type:

GET HTTP/1.1 HTTP/1.1
Host: hostname

you get the custom ErrorDocument 400 as defined in apache2.conf

If you type:

GET HTTP/1.1 HTTP/1.1

without the Host Header you get the Apache default 400 error text and not
the custom ErrorDocument.

I believe that this is the bug that has been reported. In all cases you should be getting the custom ErrorDocument 400 if one has been defined. Me thinks.
Comment 3 Nick Kew 2011-03-26 11:07:38 UTC
Works for me with ErrorDocument at top level.

I suspect you have your ErrorDocument in a wrong context.  If you want to reopen, please reply to Comment 1.
Comment 4 Petr Sumbera 2012-05-24 15:35:19 UTC
This is still issue. Though not sure what to do about it.

When host is not specified:
===========================

Then ap_process_http_connection() calls ap_read_request() 

where it logs following error:

"client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): %s"

and sets r->status to HTTP_BAD_REQUEST

so that later ap_send_error_response() is called which won't do any redirection
(instead it will send default error text).

When host is specified:
=======================

Then ap_process_http_connection() calls ap_process_request() because so far status was OK. But then status is evaluated not be ok and ap_die() is called.
Where ap_die() will do custom redirection.
Comment 5 Petr Sumbera 2012-08-01 11:42:34 UTC
Created attachment 29147 [details]
possible patch

Patch attached.

Example:

Apache configuration:
=====================

Add following into global section of Apache configuration file:

ErrorDocument 400 /400.html

Create 400.html file:

echo "<html><body><h1>My error 400.....</h1></body></html>" > /var/apache2/2.2/htdocs/400.html

Behavior without patch:
=======================

root@S11:~# telnet localhost 80
Trying ::1...
Connected to S11.1_15.
Escape character is '^]'.
GET . HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Wed, 01 Aug 2012 11:21:38 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0j DAV/2 PHP/5.2.17
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

Behavior with applied patch:
============================

root@S11:~# telnet localhost 80
Trying ::1...
Connected to S11.1_15.
Escape character is '^]'.
GET . HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Wed, 01 Aug 2012 11:24:34 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0j DAV/2 PHP/5.2.17
Last-Modified: Wed, 01 Aug 2012 11:20:45 GMT
ETag: "52f1-35-4c6327c6f4b5b"
Accept-Ranges: bytes
Content-Length: 53
Connection: close
Content-Type: text/html

<html><body><h1>My error 400.....</h1></body></html>
Comment 6 Jeff Trawick 2012-09-26 17:19:17 UTC
Why is this a practical problem?  (Which clients are sending HTTP/1.1 requests without a host header, how will a custom error document help?)

I'm attaching an alternate fix which uses ap_die() instead of ap_send_error_response.
Comment 7 Jeff Trawick 2012-09-26 17:20:24 UTC
Created attachment 29423 [details]
httpd trunk patch for bug 48357

Change ap_read_request() to use ap_die() for this error.
Comment 8 Petr Sumbera 2012-10-01 13:29:48 UTC
I can confirm that patch from comment #7 works as expected.

I'm not aware about any clients which sends HTTP/1.1 requests without a host header. But one of of our customers is demanding on fixing this problem. 

Maybe it's question of consistency. Or maybe it's related to localization (e.g. to avoid English errors).
Comment 9 Jeff Trawick 2012-10-01 14:24:04 UTC
Committed to trunk as r1392347.  I'll propose for backport to 2.4.x; the cases where this change helps are surely few in number, but maybe the review process will lead to somebody finding a problem.