Hello,
I just wanted to provide a resolution to this problem for future
searches etc. So the behaviour we were seeing is totally normal for
httpd. If you do a HTTPS request to httpd on a socket that it is
listening on, but doesn't have a VirtualHost configured, it will return
a plaintext HTTP 400.
We ended up going round the houses on this issue, until we noticed that
the problem was that our load balancer (relayd in this case) would
'randomly' increment the IP address that it was directing the request to
by 1 (i.e. instead of handshaking with .144 it would handshake with
.145) which on some addresses, we didn't have a virtual host configured.
So, the long and short of it is: not a bug with httpd; as was predicted
by everyone, it's a problem outside of its control and misbehaviour
upstream.
The main thing I think that's useful information for other people
experiencing something similar is that the logs for this are only
available at debug, so we've changed our production httpd configuration
to be:
LogLevel warn core:debug
That way we get in the error log:
AH00566: request failed: malformed request line
This provided us with the visibility of the problem that then let us
track back exactly what was going on.
Thanks for the input everyone!
Rob
On 29/04/2021 14:36, Rob Emery wrote:
Assuming your site is public facing, give this evaluation a try and
see if anything interesting is mentioned.
https://www.ssllabs.com/ssltest/
It is indeed public and I've just run that. Nothing strikes me as
weird or unusual about it at all unfortunately:
https://www.ssllabs.com/ssltest/analyze.html?d=services.codeweavers.net
Thanks,
Rob
--
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org