Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C09779C56 for ; Thu, 5 Jan 2012 02:50:00 +0000 (UTC) Received: (qmail 40399 invoked by uid 500); 5 Jan 2012 02:49:57 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 40220 invoked by uid 500); 5 Jan 2012 02:49:56 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 40212 invoked by uid 99); 5 Jan 2012 02:49:55 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 02:49:55 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of icicimov@gmail.com designates 209.85.210.173 as permitted sender) Received: from [209.85.210.173] (HELO mail-iy0-f173.google.com) (209.85.210.173) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 02:49:51 +0000 Received: by iagj37 with SMTP id j37so175591iag.18 for ; Wed, 04 Jan 2012 18:49:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=cwerw8xHwSkGgXK6lcgQKWEewct56VjYy5rKxlF0+Yw=; b=cU0fwipokIiLS/nEJyDPFC6z3scJAtRFGEMuZjvUUErsMXRrFqwsxpbnA2QAo0wEYi VIhDEpVj3Pxxj7eLTovLt0Hg+OJJzcf5GrCsECJb5FblPMjEkINHuYwWygkapoplHlLG p66WSe7wqI1r+USaCquPUIJ7ELwqLTKcU0/w0= MIME-Version: 1.0 Received: by 10.50.158.193 with SMTP id ww1mr195796igb.26.1325731770540; Wed, 04 Jan 2012 18:49:30 -0800 (PST) Received: by 10.42.130.9 with HTTP; Wed, 4 Jan 2012 18:49:30 -0800 (PST) In-Reply-To: <4F04A5D6.8090503@adaptr.nl> References: <32337932.f359VV08xi@linux-suse> <4F04A5D6.8090503@adaptr.nl> Date: Thu, 5 Jan 2012 13:49:30 +1100 Message-ID: From: Igor Cicimov To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=14dae9340a5d40223e04b5befb17 Subject: Re: [users@httpd] Invalid URI in request OPTIONS * HTTP/1.0 --14dae9340a5d40223e04b5befb17 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable [error] [client 194.38.104.110] ModSecurity: Warning. String match "Invalid URI in request" at WEBSERVER_ERROR_LOG. ModSecurity? Protection against using * in the URI? On Thu, Jan 5, 2012 at 6:17 AM, Jeroen Geilman wrote: > On 01/04/2012 12:36 PM, Sz=C5=91ts =C3=81kos wrote: > >> Hi All, >> >> There's a frequent error message in my Apache error_log (v2.2.21 under >> openSUSE 12.1): >> "Invalid URI in request OPTIONS * HTTP/1.0" >> >> I know this is an internal dummy connection to test if the server is ali= ve >> or not. But every time, Apache tries to connect to itself, it writes >> instead of the error log. >> >> Here is the full request: >> OPTIONS * HTTP/1.0 >> User-Agent: Apache (internal dummy connection) >> >> Response: >> HTTP/1.1 400 Bad Request >> Vary: accept-language,accept-**charset,User-Agent >> Accept-Ranges: bytes >> Connection: close >> Content-Type: text/html; charset=3Diso-8859-1 >> Content-Language: en >> Expires: Tue, 03 Jan 2012 19:31:04 GMT >> >> Here is the full "debug" log: >> [error] [client 194.38.104.110] Invalid URI in request OPTIONS * HTTP/1.= 0 >> [debug] mod_headers.c(756): headers: ap_headers_output_filter() >> [debug] mod_headers.c(756): headers: ap_headers_output_filter() >> [debug] mod_headers.c(756): headers: ap_headers_output_filter() >> [debug] mod_headers.c(756): headers: ap_headers_output_filter() >> [error] [client 194.38.104.110] ModSecurity: Warning. String match >> "Invalid >> URI in request" at WEBSERVER_ERROR_LOG. >> >> I tried to telnet to my server on port 80, and when I write "OPTIONS *",= I >> get a 400 error, but when I write "OPTIONS /", I got 200 OK. >> RFC says the * is acceptable, so I don't understand why the error. >> >> > An internal dummy connection will originate from localhost (127.0.0.1), > not 194.138.104.110: > > > [error] [client 194.38.104.110] ModSecurity: Warning. String match > "Invalid URI in request" at WEBSERVER_ERROR_LOG. > > > As to the OPTIONS * request failing - make sure there are no hidden > rewrite rules or other URI mangling going on. > > > > -- > J. > > > > ------------------------------**------------------------------**--------- > The official User-To-User support forum of the Apache HTTP Server Project= . > See > > for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.org > " from the digest: users-digest-unsubscribe@**httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --14dae9340a5d40223e04b5befb17 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
[error] [client 194.38.104.110] ModSecurity: Warning. String match &qu= ot;Invalid
URI in request" at WEBSERVER_ERROR_LOG.
=C2=A0
ModSecurity? Protection against using * in the URI?

On Thu, Jan 5, 2012 at 6:17 AM, Jeroen Geilman <= span dir=3D"ltr"><jeroen@adaptr.nl> wrote:
On 01/04/2012 12:36 PM, Sz=C5=91ts =C3=81kos wrote:
Hi All,

There's a frequent= error message in my Apache error_log (v2.2.21 under
openSUSE 12.1):
"Invalid URI in request OPTIONS * HTTP/1.0"

I know this is= an internal dummy connection to test if the server is alive
or not. But= every time, Apache tries to connect to itself, it writes
instead of the= error log.

Here is the full request:
OPTIONS * HTTP/1.0
User-Agent: Apache (= internal dummy connection)

Response:
HTTP/1.1 400 Bad Request
= Vary: accept-language,accept-charset,User-Agent
Accept-Ranges: by= tes
Connection: close
Content-Type: text/html; charset=3Diso-8859-1
Conte= nt-Language: en
Expires: Tue, 03 Jan 2012 19:31:04 GMT

Here is th= e full "debug" log:
[error] [client 194.38.104.110] Invalid UR= I in request OPTIONS * HTTP/1.0
[debug] mod_headers.c(756): headers: ap_headers_output_filter()
[debug] = mod_headers.c(756): headers: ap_headers_output_filter()
[debug] mod_head= ers.c(756): headers: ap_headers_output_filter()
[debug] mod_headers.c(75= 6): headers: ap_headers_output_filter()
[error] [client 194.38.104.110] ModSecurity: Warning. String match "In= valid
URI in request" at WEBSERVER_ERROR_LOG.

I tried to tel= net to my server on port 80, and when I write "OPTIONS *", I
get a 400 error, but when I write "OPTIONS /", I got 200 OK.
R= FC says the * is acceptable, so I don't understand why the error.

An internal dummy connection will originate = from localhost (127.0.0.1), not 194.138.104.110:=20


=C2=A0 =C2=A0 =C2=A0 =C2=A0[error] [client 194.38= .104.110] ModSecurity: Warning. String match "Invalid URI in request&q= uot; at WEBSERVER_ERROR_LOG.


As to the OPTIONS * request f= ailing - make sure there are no hidden rewrite rules or other URI mangling = going on.



--
J.=20



--------------------------------------= -------------------------------
The official User-To-User support= forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/= userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
=C2= =A0" =C2=A0 from the digest: users-digest-unsubscribe@httpd= .apache.org
For additional commands, e-mail: users-help@httpd.apache.org

<= /blockquote>

--14dae9340a5d40223e04b5befb17--