httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Invalid URI in request OPTIONS * HTTP/1.0
Date Thu, 05 Jan 2012 02:49:30 GMT
[error] [client 194.38.104.110] ModSecurity: Warning. String match "Invalid
URI in request" at WEBSERVER_ERROR_LOG.

ModSecurity? Protection against using * in the URI?

On Thu, Jan 5, 2012 at 6:17 AM, Jeroen Geilman <jeroen@adaptr.nl> wrote:

>  On 01/04/2012 12:36 PM, Szőts Ákos wrote:
>
>> Hi All,
>>
>> There's a frequent error message in my Apache error_log (v2.2.21 under
>> openSUSE 12.1):
>> "Invalid URI in request OPTIONS * HTTP/1.0"
>>
>> I know this is an internal dummy connection to test if the server is alive
>> or not. But every time, Apache tries to connect to itself, it writes
>> instead of the error log.
>>
>> Here is the full request:
>> OPTIONS * HTTP/1.0
>> User-Agent: Apache (internal dummy connection)
>>
>> Response:
>> HTTP/1.1 400 Bad Request
>> Vary: accept-language,accept-**charset,User-Agent
>> Accept-Ranges: bytes
>> Connection: close
>> Content-Type: text/html; charset=iso-8859-1
>> Content-Language: en
>> Expires: Tue, 03 Jan 2012 19:31:04 GMT
>>
>> Here is the full "debug" log:
>> [error] [client 194.38.104.110] Invalid URI in request OPTIONS * HTTP/1.0
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [error] [client 194.38.104.110] ModSecurity: Warning. String match
>> "Invalid
>> URI in request" at WEBSERVER_ERROR_LOG.
>>
>> I tried to telnet to my server on port 80, and when I write "OPTIONS *", I
>> get a 400 error, but when I write "OPTIONS /", I got 200 OK.
>> RFC says the * is acceptable, so I don't understand why the error.
>>
>>
> An internal dummy connection will originate from localhost (127.0.0.1),
> not 194.138.104.110:
>
>
>        [error] [client 194.38.104.110] ModSecurity: Warning. String match
> "Invalid URI in request" at WEBSERVER_ERROR_LOG.
>
>
> As to the OPTIONS * request failing - make sure there are no hidden
> rewrite rules or other URI mangling going on.
>
>
>
> --
> J.
>
>
>
> ------------------------------**------------------------------**---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/**userslist.html<http://httpd.apache.org/userslist.html>>
> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.org<users-unsubscribe@httpd.apache.org>
>  "   from the digest: users-digest-unsubscribe@**httpd.apache.org<users-digest-unsubscribe@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message