Apache Lounge
Trouble when Upgrading from 2.4.23 to 2.4.27

digipen
Joined: 20 Jul 2017
Posts: 6
Location: Germany, Bremen

Posted: Thu 20 Jul '17 13:47    Post subject: Trouble when Upgrading from 2.4.23 to 2.4.27

Hello,

We have been with Apache Lounge for some years without ever having problems during updates.
At the moment we are using the 2.4.23 VC14 version, also with a (hopefully) strong SSL configuration.

So when I now updated to 2.4.27 VC14, browsers (desktop and mobile) still work without problems.
But our digipen Android app is no longer able to connect to our servers. So I had to turn the wheel back to 2.4.23.

What we found out is that the Android client contacts Apache 2.4.27 and gets 400 as status back. The httpd has not forwarded to Tomcat.

I assume that we have an implementation problem in our clients, which I would like to detect.

From the changelog I guessed that one of the following entries could be the reason for our problem:

*) mod_rewrite: When a substitution is a fully qualified URL, and the
scheme/host/port matches the current virtual host, stop interpreting the
path component as a local path just because the first component of the
path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
to revert to previous behavior. PR60009.
[Hank Ibell <hwibell gmail.com>]


*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]



So I would like to ask the following questions:

1) Is there a way to find out more about the problem on the server side? The logfiles are not very helpful.

2) Are there archived binaries of the win64 vc14 2.4.25 and 2.4.26 releases? I can't find them on the webpage. The Wayback Machine also has nothing archived.


Thanks for help in advance.


Kai from digipen

Steffen
Moderator
Joined: 15 Oct 2005
Posts: 2536
Location: Hilversum, NL, EU

Posted: Thu 20 Jul '17 14:08

Restored Win64 2.4.25 and 2.4.26, replace in the download url 27 with 25/26.

digipen
Joined: 20 Jul 2017
Posts: 6
Location: Germany, Bremen

Posted: Thu 20 Jul '17 14:24

Thanks, I got both zips.

digipen
Joined: 20 Jul 2017
Posts: 6
Location: Germany, Bremen

Posted: Thu 20 Jul '17 14:52

OK, our problem occurs first with 2.4.25.
So I assume it's the RFC7230 thing.

Any idea how to "debug" this on server side?

James Blond
Moderator
Joined: 19 Jan 2006
Posts: 6202
Location: Germany, Next to Hamburg

Posted: Sun 23 Jul '17 17:13

You can change the LogLevel to get more information in the logs (can blow up your logs ;) ).

It might help if you could post your config to the Tomcat server.

digipen
Joined: 20 Jul 2017
Posts: 6
Location: Germany, Bremen

Posted: Mon 24 Jul '17 11:34

OK, thanks all for the help, finally we found our problem - the Android developers send a header "Android Version" which is wrong. So we replaced it with "Android-Version" to make things work :)

digipen
Joined: 20 Jul 2017
Posts: 6
Location: Germany, Bremen

Posted: Mon 24 Jul '17 11:56

For backward compatibility I tried:


RequestHeader unset "Android Version" early

without luck. So my last question is: is there a server-side way to ignore/remove the headers that do not conform to RFC7230?
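
The root cause found in this thread, a header field name containing a space, can be located offline by checking a captured request against the RFC 7230 field-name grammar (field-name = token). The following is an added example, not code from any poster or from Apache httpd; the function name, host name and sample request are constructed for illustration, and it checks only field names, not the request line or field values.

```python
import re

# RFC 7230 section 3.2.6: field-name = token = 1*tchar
TCHAR = r"!#$%&'*+\-.^_`|~0-9A-Za-z"
TOKEN_RE = re.compile(rf"[{TCHAR}]+\Z")
NOT_TCHAR_RE = re.compile(rf"[^{TCHAR}]")

# Constructed sample request (not a real capture); host and path are placeholders.
SAMPLE = (
    b"POST /api/sync HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Android Version: 7.1.1\r\n"   # space in field-name: not a token
    b"Android-Version: 7.1.1\r\n"   # hyphen is a valid tchar
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def check_header_names(raw_request: bytes):
    """Return [(line_no, header_line, reason)] for every header line whose
    field-name is not an RFC 7230 token. Line 1 is the request line."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    findings = []
    for line_no, line in enumerate(head.split("\r\n")[1:], start=2):
        if line[:1] in (" ", "\t"):
            # Obsolete line folding: continuation of the previous value,
            # so there is no field-name to check on this line.
            continue
        name, sep, _value = line.partition(":")
        if not sep:
            findings.append((line_no, line, "no colon separator"))
        elif not name:
            findings.append((line_no, line, "empty field-name"))
        elif not TOKEN_RE.match(name):
            # Also catches whitespace between the name and the colon.
            bad = sorted(set(NOT_TCHAR_RE.findall(name)))
            findings.append(
                (line_no, line, f"field-name has non-token characters: {bad}")
            )
    return findings


if __name__ == "__main__":
    for line_no, line, reason in check_header_names(SAMPLE):
        print(f"line {line_no}: {line!r}: {reason}")
```
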