Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Capturing internal Apache errors, return custom HTTP status |
|
| Author |
|
Martin_CU
Joined: 15 Nov 2013
Posts: 2
Location: Ithaca, NY
|
 Posted: Fri 15 Nov '13 23:38 Post subject: Capturing internal Apache errors, return custom HTTP status |
 |
|
Server Version: Apache/2.2.22 (Unix)
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
POST /some_valid_alias HTTP/1.1
Host: example.org
User-Agent: Arbitrary/1.0 (blah blah)
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Content-Length: 769
-----------------------------41184676334
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/(some_valid_alias)(.*)$ $1$2 [R]
But this won't work for all our scripts, because in some cases we do want to permit POST.
Any tips would be appreciated! |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3120
Location: Hilversum, NL, EU
|
| Posted: Sun 17 Nov '13 12:33 Post subject: |
|
|
Is it not possible to solve the post issue in your scripts ?
There is no way to prevent Apache given the 500 error. Maybe mod_security can do it, but you have to ask it at their list.
Steffen |
|
| Back to top |
|
Martin_CU
Joined: 15 Nov 2013
Posts: 2
Location: Ithaca, NY
|
| Posted: Mon 18 Nov '13 1:02 Post subject: |
|
|
| Steffen wrote: | | Is it not possible to solve the post issue in your scripts ? |
As far as I can tell, the scripts never actually get run. I tested for this in the following ways:
1. I removed the execute bits from the scripts. This would normally generate a different error, but Apache still returns the same internal error when it receives the malformed POST.
and, perhaps more telling:
2. I inserted lines that output to stderr at the top of the (perl) scripts, before any request processing it done. The code is never reached when Apache receives a malformed POST. |
|
| Back to top |
|
|
|
|
|
|
