Re: apache failed

Mon, 02 Dec 2002 07:59:49 -0600

It 's not the error messages when logrotate reload apache config. I have this problem after a request.
I have two webserver with the same config. And I can see that the two servers receive this request and one of them died after. 


I see on the mails in this discussion ( 
http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html 
) that apache gives this error message (client sent HTTP/1.1 request 
without hostname (see RFC2616 section 14.23): /) when it receives 
request from the worm.



When I check the log from this fatal request on the other server, I have 
this:
[Fri Nov 29 15:06:39 2002] [error] [client xxx.xx.x.x] client sent 
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /[Fri Nov 
29 15:06:51 2002] [error] mod_ssl: SSL handshake failed (server 
xxxxxxx::443, client xxx.xx.x.x (OpenSSL library error follows)
[Fri Nov 29 15:06:52 2002] [error] OpenSSL: error:1406B458:SSL 
routines:GET_CLIENT_MASTER_KEY:key arg too long


I have this error message +/- 5 times by day. And sometimes, apache died.

Thanks

Mathieu



Emmanuel Lacour wrote:


On Mon, Dec 02, 2002 at 12:26:12PM +0100, Mathieu Laurent wrote:

 


Hi,

My webserver with apache (+ mod_ssl) failed when I receive a worms attack.


I see this message in the error log: [error] [client xxx.xxx.xxx.xxx] 
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /


The father process of apache was killed.


I have the last security packages installed on the webserver for apache 
& mod_ssl.



I see the same problem on the mailing list 
http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html 
but I didn't see no clue for this case.



   



I got a pbm like this (but not really...) on three debian boxes (woody) with 
apache-ssl.

it seems to appear after a bad reload during logrotate.

it appears:

one time in january on a deb box
one time in july and one other on september on another deb box
one time in october on another deb box

thoses are the only ones and I have a lot of apache-ssl/woody servers
working (maybe 50)

each time I've got the folowing entries in apache logs at logrotate time:

accept_mutex_on: Identifier removed
[alert] Child 4968 returned a Fatal error...
Apache is exiting!


then some hours later (~ 5) apache crashes!!!


My only fix at this time is done by changing reload in logrotate by a
clean stop, sleep, start ... not a good fix, but it's enough and working
for me.


Unfortunatly, I can't debug more as I can't reproduce this and it
doesn't appear very often...



 


























					Reply via email to