[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-ssl
Subject:    [apache-ssl] OT: Apache 1.3.11+SSL 1.38?
From:       Drew Smith <drew () pctc ! com>
Date:       2000-01-26 19:11:52
[Download RAW message or body]


	Hey guys, sorry for the slightly OT post;

	I just rebuilt my apache+SSL+jrun+php3+mod_perl RPM, and upgraded the
dummy server to test it out.  After installing, I tried to access the
test box from my desktop Linux machine, and received the error:


Bad Request

Your browser sent a request that this server could not understand.

Client sent malformed Host header


Apache/1.3.11 Ben-SSL/1.38 Server at rizzo_ssl Port 443

	
	After looking through the changes file for the new version of apache, I
notice this:

  *) More rigorous checking of Host: headers to fix security problems
     with mass name-based virtual hosting (whether using mod_rewrite
     or mod_vhost_alias).
     [Ben Hyde, Tony Finch]

	I'm loading both mod_rewrite AND mod_vhost_alias (I know, I don't need
them, I'm still tuning the server; building the ultimate apache RPM). 
My real question is - does anyone have any further information about the
"more rigorous checking of Host: headers"?  What exactly is it doing,
and why am I recieving this error?  Is it something with my client
machine, or the server itself?

	D'oh.  Just solved it on my own - tried it from another machine, and it
works.  Probably something to do with the slightly munged hostname on
this machine.  $%&@#$@ RedHat install!  Bah.

	So, I guess, just be forewarned that people are having interesting
probs with the latest apache and SSL. :)

	Cheers,
	- Drew.

[prev in list] [next in list] [prev in thread] [next in thread]