I have two webserver with the same config. And I can see that the two servers receive this request and one of them died after.
I see on the mails in this discussion ( http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html ) that apache gives this error message (client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /) when it receives request from the worm.
When I check the log from this fatal request on the other server, I have this:
[Fri Nov 29 15:06:39 2002] [error] [client xxx.xx.x.x] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /[Fri Nov 29 15:06:51 2002] [error] mod_ssl: SSL handshake failed (server xxxxxxx::443, client xxx.xx.x.x (OpenSSL library error follows)
[Fri Nov 29 15:06:52 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
I have this error message +/- 5 times by day. And sometimes, apache died.
Thanks
Mathieu
Emmanuel Lacour wrote:
On Mon, Dec 02, 2002 at 12:26:12PM +0100, Mathieu Laurent wrote:
Hi,I got a pbm like this (but not really...) on three debian boxes (woody) with apache-ssl.
My webserver with apache (+ mod_ssl) failed when I receive a worms attack.
I see this message in the error log: [error] [client xxx.xxx.xxx.xxx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
The father process of apache was killed.
I have the last security packages installed on the webserver for apache & mod_ssl.
I see the same problem on the mailing list http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html but I didn't see no clue for this case.
it seems to appear after a bad reload during logrotate.
it appears:
one time in january on a deb box
one time in july and one other on september on another deb box
one time in october on another deb box
thoses are the only ones and I have a lot of apache-ssl/woody servers
working (maybe 50)
each time I've got the folowing entries in apache logs at logrotate time:
accept_mutex_on: Identifier removed
[alert] Child 4968 returned a Fatal error...
Apache is exiting!
then some hours later (~ 5) apache crashes!!!
My only fix at this time is done by changing reload in logrotate by a
clean stop, sleep, start ... not a good fix, but it's enough and working
for me.
Unfortunatly, I can't debug more as I can't reproduce this and it
doesn't appear very often...
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
