1.3.6 -> 1.3.11 giving problems

[Michael Smith <mj...@iii.co.uk>]

I'm finally getting round to upgrading our servers from 1.3.6 to 1.3.11,
and we've had a couple of problems relating to our reverse proxy setup.
Firstly we found that ProxyPass directives ceased to work (or at least
in the same way they used to), though I got round this by using various
forms of RewriteRule ... [P] instead (sorry if I missed something in the
docos here)  Secondly, and less easily resolved is that the machines I
am proxying to gives this error for some of the pages:

[Thu Feb  3 17:46:52 2000] [error] [client 10.0.0.6] Client sent
malformed Host header

If I make a request to the server directly, with the equivalent
URL I don't see a problem and I also don't see the problem for every
request that is passed to this server (and I'm currently trying to work
out what is the difference between those that work and those that
don't).

Apart from this, mod_proxy is running beautifully for our approx 2mil
dynamic pages per day - looking forward to finding out about
mod_backhand at ApacheCon.

Anyone else seen this?  Any ideas?

Mike

Re: 1.3.6 -> 1.3.11 giving problems

[Marc Slemko <ma...@znep.com>]

On Fri, 4 Feb 2000, Eugene Lee wrote:

> On Thu, Feb 03, 2000 at 02:23:34PM -0700, Marc Slemko wrote:
> :
> :Does your hostname have an underscore in it?
> :
> :The (poor) decision to reject all such hostnames in 1.3.11 was made,
> :without properly documenting that.
> 
> Was the decision itself poor, or was the lack of documentation for that
> decision poor?  If the former, why?  No underscores is a DNS requirement
> that all TCP/IP apps must obey.

Both.

Apache should not suddenly change to reject a behaviour that many users
use without notifying them or providing any workaround or even providing
a useful error.  Especially since this change was slipped in under the
pretense of a security fix.

I also don't really see it fit for Apache to be the thing enforcing a
silly rule that has only mild support from various standards.  The
historical basis for this rule isn't as strong as many people like to
claim and, once again, it was pushed into BIND, etc. as a "security issue"
because some machines may interpret "_" as a command separator or some
such nonsense.

Re: 1.3.6 -> 1.3.11 giving problems

[Eugene Lee <eu...@anime.net>]

On Thu, Feb 03, 2000 at 02:23:34PM -0700, Marc Slemko wrote:
:
:Does your hostname have an underscore in it?
:
:The (poor) decision to reject all such hostnames in 1.3.11 was made,
:without properly documenting that.

Was the decision itself poor, or was the lack of documentation for that
decision poor?  If the former, why?  No underscores is a DNS requirement
that all TCP/IP apps must obey.


-- 
Eugene Lee
eugene@anime.net

Re: 1.3.6 -> 1.3.11 giving problems

[Tony Finch <do...@dotat.at>]

Wilfredo Sanchez <ws...@apple.com> wrote:
>
>  Hrm.  DNS constraints apply to Internet hosts which care to be  
>found via DNS, not "all TCP/IP apps".  There are other name services  
>available that may not have that constraint and are commonly used in  
>intranets.  Why is Apache enforcing limitations imposed by DNS?

It isn't a DNS restriction, it's a restriction on Internet host names.
DNS names that do not refer to hosts don't have to meet the syntax.
The restriction dates from before DNS, and I would expect that hosts
on the Internet located via other databases should conform to the same
naming syntax.

The reason for the change was that the mass vhosting stuff that I did
(mod_vhost_alias and the recipes for mod_rewrite) didn't validate
hostnames and therefore allowed people to get at file outside the
document tree by using a suitably constructed Host: header. The
obvious solution was to properly check the Host: header using the spec
in the RFCs.

Marc did suggest that this was too restrictive a syntax, but I
couldn't think of a better one than following the standard.

Tony.
-- 
               **                              **               
***   ***   ***  **** ***   *******   ***   ***  **** ***   ****
   ***   ***         *   ***       ***   ***         *   ***    

Re: 1.3.6 -> 1.3.11 giving problems

[Michael Smith <mj...@iii.co.uk>]

Marc Slemko wrote:

> Does your hostname have an underscore in it?

Heh, how did you guess??? :)

> The (poor) decision to reject all such hostnames in 1.3.11 was made,
> without properly documenting that.

Thanks - we have two interfaces for our servers, one external (xxx.iii.co.uk)
and one internal (xxx_u.iii.co.uk), which I used for proxying.  Changing
these to xxx-u.iii.co.uk removes the problem.

Many thanks

Mike

Re: 1.3.6 -> 1.3.11 giving problems

[Marc Slemko <ma...@znep.com>]

Does your hostname have an underscore in it?

The (poor) decision to reject all such hostnames in 1.3.11 was made,
without properly documenting that.

On Thu, 3 Feb 2000, Michael Smith wrote:

> I'm finally getting round to upgrading our servers from 1.3.6 to 1.3.11,
> and we've had a couple of problems relating to our reverse proxy setup.
> Firstly we found that ProxyPass directives ceased to work (or at least
> in the same way they used to), though I got round this by using various
> forms of RewriteRule ... [P] instead (sorry if I missed something in the
> docos here)  Secondly, and less easily resolved is that the machines I
> am proxying to gives this error for some of the pages:
> 
> [Thu Feb  3 17:46:52 2000] [error] [client 10.0.0.6] Client sent
> malformed Host header
> 
> If I make a request to the server directly, with the equivalent
> URL I don't see a problem and I also don't see the problem for every
> request that is passed to this server (and I'm currently trying to work
> out what is the difference between those that work and those that
> don't).
> 
> Apart from this, mod_proxy is running beautifully for our approx 2mil
> dynamic pages per day - looking forward to finding out about
> mod_backhand at ApacheCon.
> 
> Anyone else seen this?  Any ideas?
> 
> Mike
> 
> 
>