httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Blue Moon System Operator <sy...@net.bluemoon.net>
Subject [users@httpd] Invalid URI in request GET / HTTP/1.0 on Apache/1.3.27 (Unix)
Date Sun, 28 Sep 2003 16:41:18 GMT

At 10:10 Am this morning I started getting 400 errors on all virtualhosts
on one of my servers when any browser attempted to access the default
page for a directory and not a specific file.

FreeBSD 4.5-RELEASE on AMD XP2000+ with 1GB DDR, 7 x 9GB LVD SCSI.

Server version: Apache/1.3.27 (Unix)

No detectable changes had been made to conf files for nearly a month
previous to this.

It affected only directories for which the default page was specified in
the srm.conf with the DirectoryIndex directive which has been this:

DirectoryIndex home.html index.html home.htm index.htm nph-ind.cgi

The default document root dir was also affected therefore the default site
pages for each virtualhost also resulted in a 400 error.

This what the error log showed:

[Sun Sep 28 10:10:58 2003] [error] [client 202.81.160.16] Invalid URI in request GET / HTTP/1.0

Directories which have a .htaccess file containing a DirectoryIndex
directive were unaffected.

I verified the httpd.conf with "apachectl configtest" and I tried placing
the srm.conf DirectoryIndex line in the httpd.conf, no joy.

I restarted the httpd server several times both with apachectl restart and
a stop and then start, no joy.

I did not reboot the box because it is at a remote location and I also
wanted to diagnose what happened due the potential damage a reoccurence of
this problem can represent to our business.

When I placed a DirectoryIndex directive in any doc dir the problem
disappeared for the dir including doc root.

Everything else on the server appeared normal including rewrites, CGIs,
suexecs and non-http services and executables. The only problem was the
conf DirectoryIndex.

I scoured the error and access logs for clues, but there wasn't anything
other than the typical IIS style exploit attempts which was of note.

I checked disk space, memory, swap, network resources and file descriptor
usage and nothing was out of the ordinary. I checked shell logins, all
server log files of all types for any anomalies and started hunting down
exploit reports and found nothing.

At 11:49 AM the problem mysteriously disappeared just a quickly as
it had appeared without user intervention and no config changes aside
from duplicating the srm.conf DirectoryIndex line to the httpd.conf file
which didn't fix the problem when it was first tried.

I'm monitoring the logs to see if it reappears, but I'd really like to
know WTF happened and if anyone has seen this preoblem before.

Does anyone have any isight into what could have caused this to happen?

Henry

J. Henry Priebe Jr.    Blue Moon Internet Corp Network Administrator
www.bluemoon.net       Internet Access & Web Hosting
www.railfan.net        Railfan Network Services

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message