Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F3454EF9A for ; Mon, 28 Jan 2013 22:23:23 +0000 (UTC) Received: (qmail 11624 invoked by uid 500); 28 Jan 2013 22:23:23 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 11591 invoked by uid 500); 28 Jan 2013 22:23:23 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 11580 invoked by uid 99); 28 Jan 2013 22:23:23 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jan 2013 22:23:23 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jan 2013 22:23:21 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id B1F5545BE; Mon, 28 Jan 2013 22:23:00 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 54498] New: apache crash on any cgi request with certain http accept header Date: Mon, 28 Jan 2013 22:23:00 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: All X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: franktraffic@gmail.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter classification Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=54498 Bug ID: 54498 Summary: apache crash on any cgi request with certain http accept header Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Windows XP Status: NEW Severity: normal Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: franktraffic@gmail.com Classification: Unclassified I have problem with regular crash my apache / whole server because of out of memory. After investigating I found somebody sends requests to any .cgi script with this header [HTTP_ACCEPT] => !!mUiX6BaBHCeqIoxmNSdGa/XC2O8YisRs3w03aglTIw0A I have only certain group of scripts installed, but i think it will crash with any script. As a result it generates thousand httpd proccesses and it eat all resourses. In log 212.117.160.93 - - [08/Jan/2013:17:41:19 -0600] GET /cgi-bin/a2/out.cgi HTTP/1.1 "200" 56695613 "http://cut.../cgi-b in/a2/out.cgi" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-" This is 56695613 answer size. It looks like while it return this answer all scripts are locked and because new requests are incoming - in couple of minutes there are accumulated thousand httpd proccesses. I verified and simulated it - it crashes apache every time when I send this headers. It works on Freebsd server. I tried send this request to other OS - it doesnt crash. Before I found this problem I tried reinstall OS from freebsd 8 to freebsd 9. I also tried all versions of Apache, including last one, and all mysql, php, nginx. Could you fix this please. This person changes ip and I need catch his ip and add to blacklist. But time of time my server crashes. Thanks -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org