httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pavel Novy <>
Subject unexpected behavior of the Apache webserver
Date Tue, 18 Dec 2001 10:54:24 GMT
I'm running Apache 2.0 (2.0.29-dev) on my test server (NetWare) and I've 
found the following line(s) in server's log file recently:

xx.xx.xx.xx - - [05/Dec/2001:17:19:20 +0100] "GET 
HTTP/1.1" 200 1456

I've made some work-around and found the following:

1. Server's document root is accessed in this situation (code 200
    unexpectedly returned). It's probably not a security issue, but
    I'm not sure. Regardless, it's obvious that incorrect lines may
    occur in the log files so skewed results could be produced when
    analysing them.

2. It seems to be independent on platform and version of the Apache
    webserver (also tested on some 1.3 versions - Linux, NetWare).

3. I'm able to reproduce this with protocol version 1.0 (see below),
    wondering that I'm not able to reproduce it with version 1.1 (see
    above) - code 400 returned when I'm trying to do the same, but I'm
    not too familiar with corresponding RFCs...

Sorry, no time to look into sources, but I think that there must be 
something wrong in http parser.


$ telnet 80
Connected to
Escape character is '^]'.
GET http://something HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 18 Dec 2001 09:33:43 GMT
Server: Apache/2.0.28 (Unix)
Accept-Ranges: bytes
Content-Length: 5303
Connection: close
Content-Type: text/html


$ telnet 80
Connected to
Escape character is '^]'.
GET http://something HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Tue, 18 Dec 2001 10:42:17 GMT
Server: Apache/2.0.28 (Unix)
Content-Length: 375
Connection: close
Content-Type: text/html; charset=iso-8859-1

<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
client sent HTTP/1.1 request without hostname (see RFC2616 section 
14.23): /</p>
<hr />
<address>Apache/2.0.28 Server at Port 80</address>
Connection closed by foreign host.

View raw message