logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Capturing internal Apache errors, return custom HTTP status
Author
Martin_CU



Joined: 15 Nov 2013
Posts: 2
Location: Ithaca, NY

PostPosted: Fri 15 Nov '13 23:38    Post subject: Capturing internal Apache errors, return custom HTTP status Reply with quote

Server Version: Apache/2.2.22 (Unix)

On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.

Here's the most trivial example I can come up with that reproduces the problem for us:

POST /some_valid_alias HTTP/1.1
Host: example.org
User-Agent: Arbitrary/1.0 (blah blah)
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Content-Length: 769

-----------------------------41184676334

In addition to the 500 error in the access log, we see the corresponding error in the error log:

(70014)End of file found: Error reading request entity data

Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.

The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.

Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.

So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):

RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/(some_valid_alias)(.*)$ $1$2 [R]

But this won't work for all our scripts, because in some cases we do want to permit POST.

Any tips would be appreciated!
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3120
Location: Hilversum, NL, EU

PostPosted: Sun 17 Nov '13 12:33    Post subject: Reply with quote

Is it not possible to solve the post issue in your scripts ?

There is no way to prevent Apache given the 500 error. Maybe mod_security can do it, but you have to ask it at their list.

Steffen
Back to top
Martin_CU



Joined: 15 Nov 2013
Posts: 2
Location: Ithaca, NY

PostPosted: Mon 18 Nov '13 1:02    Post subject: Reply with quote

Steffen wrote:
Is it not possible to solve the post issue in your scripts ?


As far as I can tell, the scripts never actually get run. I tested for this in the following ways:

1. I removed the execute bits from the scripts. This would normally generate a different error, but Apache still returns the same internal error when it receives the malformed POST.

and, perhaps more telling:

2. I inserted lines that output to stderr at the top of the (perl) scripts, before any request processing it done. The code is never reached when Apache receives a malformed POST.
Back to top


Reply to topic   Topic: Capturing internal Apache errors, return custom HTTP status View previous topic :: View next topic
Post new topic   Forum Index -> Apache