Your message dated Mon, 13 Aug 2018 22:53:36 -0400
with message-id <20180814025336.GB11378@i5>
and subject line 802680-done
has caused the Debian Bug report #802680,
regarding lighttpd: server.error-handler-404 broken, returns status code 200
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
802680: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802680
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lighttpd
Version: 1.4.35-4
Severity: important
When using:
server.error-handler-404 = "/404/"
The resulting page is being returned status 200.
A related problem was fixed upstream in 1.4.17[1], but that was for when the
handler
was a dynamic page, in my case I'm trying to serve a static page. The page is
actually
served so I know the directive is being honoured; but it's definitely being
returned
as HTTP 200.
[1] http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.18.5-x86_64-linode52 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lighttpd depends on:
ii init-system-helpers 1.22
ii libattr1 1:2.4.47-2
ii libbz2-1.0 1.0.6-7+b3
ii libc6 2.19-18+deb8u1
ii libfam0 2.7.0-17.1
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u1
ii libpcre3 2:8.35-3.3
ii libssl1.0.0 1.0.1k-3+deb8u1
ii libterm-readline-perl-perl 1.0303-1
ii lsb-base 4.1+Debian13+nmu1
ii mime-support 3.58
ii perl 5.20.2-3+deb8u1
ii systemd 215-17+deb8u2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages lighttpd recommends:
pn spawn-fcgi <none>
Versions of packages lighttpd suggests:
ii apache2-utils 2.4.10-10+deb8u3
ii openssl 1.0.1k-3+deb8u1
pn rrdtool <none>
-- Configuration Files:
/etc/lighttpd/conf-available/10-ssl.conf changed:
$SERVER["socket"] == "XXXXXXXXXXXXXX:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.ca-file =
"/etc/ssl/private/XXXXXXXXXXX/sub.class1.server.sha2.ca.pem"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.cipher-list =
"AES128+EECDH:AES128+EDH:ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!eNULL:!EDH:!AESGCM:!EXPORT:!DES"
ssl.honor-cipher-order = "enable"
ssl.use-compression = "disable" # CRIME attack
}
/etc/lighttpd/lighttpd.conf changed:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_compress",
"mod_redirect",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
index-file.names = ( "index.php", "index.html",
"index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.allowed-encodings = ("gzip", "deflate")
compress.filetype = ( "application/javascript", "text/css",
"text/html", "text/plain" )
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/home/jon/etc/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-- no debconf information
--- End Message ---
--- Begin Message ---
Package: lighttpd
Tags: wontfix
http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details
is now more explicit about the behavior, which is expected.
Workarounds have been suggested, including
* mod_rewrite: url.rewrite-if-not-file
* mod_magnet: (custom lua code)
and in lighttpd 1.4.40 and later
* server.error-handler catches all HTTP status >= 400
and preserves the HTTP status
--- End Message ---