httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51603] Apache accepts completely bogus HTTP requests (possible security hole)
Date Wed, 03 Aug 2011 21:00:27 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51603

--- Comment #6 from Mikael Lyngvig <mikael@lyngvig.org> 2011-08-03 21:00:27 UTC ---
Hmm, I tried opening the URL as http://www.archangel.dk (the website),
https://www.archangel.dk (shouldn't be open as the firewall blocks it) and
https://www.archangel.dk:80.  The last attempt gave this result:

90.185.163.243 - - [03/Aug/2011:22:53:18 +0200] "\x16\x03\x01" 200 1279
90.185.163.243 - - [03/Aug/2011:22:53:18 +0200] "\x16\x03\x01" 200 1279

I simply don't know enough HTTPS and HTTP to say whether it is really an error
or just somebody hammering on my website using SSL on port 80, which could
possibly explain the "bizarre" reaction by Apache that I am seeing.

I can say that mod_ssl is not loaded.

I don't know if there's really a problem at all or if it is just me being
hyper-aggressive over somebody probing my website with SSL packets on port 80.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message