Apache LimitRequestFieldSize Directive does not work - apache

I'm running my website on Apache 2.2 and when the HTTP request header size is above 8K I get an HTTP 400 error -
Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
cookie /n
And the error in Apache error_log is -
[Fri Jul 24 18:52:56 2015] [error] [client XX.XX.XX.XX] request failed: error reading the headers
This is expected, but when I set the allowed limit to 16k by -
LimitRequestFieldSize 16380
I still get the same HTTP 400 error in the browser, but this time I don't see any error in the Apache error_log.
I have tried using higher values with LimitRequestLine and LimitRequestFields but it doesn't work. Is there anything I'm missing here?
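A direct way to check whether a new LimitRequestFieldSize is actually in effect is to send Cookie header lines of a chosen size and bisect for the first size that draws a 400. This is an added example, not code from the question or from Apache; it assumes the limit applies to the whole header line (name, colon, space and value, CRLF excluded) and that the target host and port are given on the command line.

```python
import socket

def build_request(host: str, path: str, field_size: int) -> bytes:
    """Build a raw HTTP/1.1 GET whose Cookie header line (name, colon,
    space and value, CRLF excluded) is exactly field_size bytes long."""
    prefix = "Cookie: "
    if field_size <= len(prefix):
        raise ValueError("field_size must exceed the 'Cookie: ' prefix")
    value = "a" * (field_size - len(prefix))
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"{prefix}{value}\r\n"
        f"Connection: close\r\n\r\n"
    ).encode("ascii")

def header_field_sizes(raw_request: bytes) -> dict:
    """Map each header name to its line length as the limit is applied:
    the whole 'Name: value' line, without the CRLF."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]          # skip the request line
    return {l.split(b":", 1)[0].decode(): len(l) for l in lines}

def probe_status(host: str, port: int, field_size: int, timeout: float = 5.0) -> int:
    """Send one request and return the HTTP status code the server answers with."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(host, "/", field_size))
        status_line = s.makefile("rb").readline()
    return int(status_line.split()[1])

def find_effective_limit(host: str, port: int, lo: int = 1024, hi: int = 65536) -> int:
    """Bisect for the largest Cookie line the server still accepts (non-400).
    Assumes lo is accepted and hi is rejected; returns the last accepted size."""
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe_status(host, port, mid) == 400:
            hi = mid
        else:
            lo = mid
    return lo

if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])   # e.g. python probe.py www.example.test 80
    print("largest accepted header line:", find_effective_limit(host, port))
```

In httpd 2.2 LimitRequestFieldSize is only honoured in the main server context (2.4 also accepts it inside a virtual host) and httpd must be restarted for the change to apply, so if the probe still reports the old limit, check where the directive was placed.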

Related

Apache server reverse proxy: increase file upload limit

I'm configuring an httpd to perform as a reverse proxy which should allow file uploads as well. Average file size is around 20MB. With basic configurations I could only upload files of max size 128KB.
After referring to some materials, I installed the modsecurity plugin to enable uploading files with a max allowance of 30 MB.
In the mod_security.conf file, I have:
SecRuleEngine On
SecRequestBodyAccess On
SecRequestBodyLimit 31457280
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 1048576
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!#eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
But if I try to upload even 1MB file, I get the below error:
[:error] [pid 7877] [client 10.192.10.186:47406] [client 10.192.10.186] ModSecurity: Multipart parsing error (init): Multipart: Invalid boundary in C-T (malformed). [hostname "<host>"] [uri "<uri>"] [unique_id "YmE-3e7SizASbXjV8cTWfQAAAAQ"]
[proxy:error] [pid 7877] (32)Broken pipe: [client 10.192.10.186:47406] AH01084: pass request body failed to 10.192.21.143:443
[proxy_http:error] [pid 7877] [client 10.192.10.186:47406] AH01097: pass request body failed to 10.192.21.143:443 () from 10.192.10.186 ()
The questions I have are:
Am I using the correct plugin?
What is the error in the above configuration?
OWASP ModSecurity Core Rule Set dev-on-duty here. Your error is the first alert message: "Multipart parsing error (init): Multipart: Invalid boundary in C-T (malformed)." The rest is Apache reacting to the ModSecurity parsing abort.
Based on my experience with ModSecurity I am confident we're facing a malformed multipart request. Try to submit a multipart request with curl to see if it works out. If it does, as I suspect, you need to look at your client. Probably by taking a very close look at the request body and the Content-Type header.
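The "very close look at the request body and the Content-Type header" the answer recommends can be scripted. The checker below is an added example (not code from the answer or from ModSecurity): it applies the RFC 2046 boundary rules to the Content-Type value and verifies that the body actually opens and closes with the declared delimiter using CRLF line endings. The sample upload at the bottom is constructed, not taken from the questioner's logs.

```python
import re

# RFC 2046 5.1.1: boundary := 0*69<bchars> bcharsnospace (1..70 chars, no trailing space)
BOUNDARY_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]$")

def parse_boundary(content_type: str) -> str:
    """Return the boundary from a multipart/form-data Content-Type value,
    or raise ValueError describing why the header is unusable."""
    mtype, _, params = content_type.partition(";")
    if mtype.strip().lower() != "multipart/form-data":
        raise ValueError("media type is not multipart/form-data")
    found = []
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "boundary":
            found.append(value.strip())
    if len(found) != 1:
        raise ValueError("expected exactly one boundary parameter")
    boundary = found[0]
    if len(boundary) >= 2 and boundary[0] == boundary[-1] == '"':
        boundary = boundary[1:-1]              # the quoted form is allowed
    elif '"' in boundary:
        raise ValueError("unbalanced quote in boundary")
    if not BOUNDARY_RE.match(boundary):
        raise ValueError("boundary empty, longer than 70 chars, or has illegal characters")
    return boundary

def check_multipart(content_type: str, body: bytes) -> list:
    """Return a list of problems; an empty list means the request looks well formed."""
    try:
        boundary = parse_boundary(content_type)
    except ValueError as exc:
        return [f"Content-Type: {exc}"]
    problems = []
    if b"\n" in body and b"\r\n" not in body:
        problems.append("body uses bare LF line endings instead of CRLF")
    lines = body.split(b"\r\n")
    delimiter = b"--" + boundary.encode("ascii")
    if lines[0].rstrip() != delimiter:
        problems.append("body does not start with the boundary delimiter")
    if sum(1 for line in lines if line.rstrip() == delimiter + b"--") != 1:
        problems.append("closing delimiter missing or repeated")
    return problems

# Constructed sample of a well-formed upload (not captured from the questioner's system).
GOOD_CT = "multipart/form-data; boundary=----curlBoundaryExample"
GOOD_BODY = (b"------curlBoundaryExample\r\n"
             b'Content-Disposition: form-data; name="file"; filename="a.txt"\r\n'
             b"Content-Type: text/plain\r\n\r\n"
             b"hello\r\n"
             b"------curlBoundaryExample--\r\n")
```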

Apache HTTPD 2.4 AH02429 error with phantom response header

I've an Apache HTTPD 2.4.37 which, since this morning, is responding with 500 and [Mon Jan 24 12:27:03.132322 2022] [http:error] [pid 3650579:tid 140496433313536] [client 10.42.0.47:53214] AH02429: Response header name '[Mon Jan 24 12' contains invalid characters, aborting request while trying to render a Perl application.
If I try to call the website with curl -v I cannot see such "header" in the response headers.
Moreover, if I copy the conf.modules.d folder from an Apache HTTPD 2.4.6 version it then works as expected.
After some backtracking, it seems that a request header I'm setting is breaking the request when it is empty.
I was following https://httpd.apache.org/docs/2.4/env.html#fixheader to propagate an "invalid" (for Apache HTTPD) header and the regex used there matches even if the value of the header is empty (i.e. the header is not part of the request at all).
In such a case, for some reason the request gets broken.

[proxy_fcgi:error](70007)The timeout specified has expired

I am facing a weird issue with my Magento website... it goes down after every 1-2 days. The error is Error 503 Backend Fetch Failed. Guru Meditation.
When I check apache logs it shows "[proxy_fcgi:error] [pid 3910:tid 140273111668480] (70007)The timeout specified has expired: [client 127.0.0.1:55123] AH01075: Error dispatching request to :81: (polling)"
I suspect that it is an issue with Apache as it cannot return a response to Varnish... I have checked a few blogs and, as per them, Timeout needs to be increased in Apache. But I don't see any configuration like this.
After restarting the server, the website works fine for 1-2 days.
Add these two lines into your httpd.conf file:
Timeout 600
ProxyTimeout 600

Serving static files in apache returns 500 if file doesn't exist

I am running on CentOS 7 and having a strange but very minor issue: if a static file such as CSS or an image is missing from the filesystem, Apache will return 500 instead of a 404.
I've tried a few things such as temporarily disabling selinux, mod_security, and mod_pagespeed to narrow down the issue, and the logs are not giving me any indication as to what rule would be causing it to return 500 instead of gracefully returning a 404.
Does anyone have any ideas for ways to find the cause of the 500 errors being thrown?
Edit (add log samples):
modsec_audit.log
--f9f2f74b-F--
HTTP/1.0 500 Internal Server Error
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
access_log
[09/Jun/2015:19:38:37 -0400] "GET /subfolder/images/BTN_red_bullet.gif HTTP/1.1" 500 - "http://example.com/subfolder/" "Serf/1.1.0 mod_pagespeed/1.9.32.3-4448"
error_log
[Tue Jun 09 19:09:28.612497 2015] [pagespeed:warn] [pid 18574] [mod_pagespeed 1.9.32.3-4448 #18574] Fetch timed out: http://example.com/subfolder/images/BTN_red_bullet.gif (connecting to:x.x.x.x) (1) waiting for 50 ms

Apache Proxy Error

I am getting the following error intermittently on my server:
**Proxy Error**
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /.
Reason: Error reading from remote server
The error logs show the following:
[Sun Feb 06 03:06:00 2011] [error] [client 82.43.154.57] proxy: Error reading from remote server returned by /login, referer: https://demo.XXXXX.us/
[Sun Feb 06 03:06:30 2011] [error] [client 82.43.154.57] (70007)The timeout specified has expired: proxy: error reading status line from remote server XXXXX.us
[Sun Feb 06 03:06:30 2011] [error] [client 82.43.154.57] proxy: Error reading from remote server returned by /
[Sun Feb 06 03:13:31 2011] [error] [client 82.43.154.57] (70007)The timeout specified has expired: proxy: error reading status line from remote server XXXXX.us
[Sun Feb 06 03:13:31 2011] [error] [client 82.43.154.57] proxy: Error reading from remote server returned by /
I have read a lot of posts suggesting connection timeout settings in tomcat and environment settings in Apache. I have set the following in httpd.conf:
<VirtualHost *>
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</VirtualHost>
I have also set the following in tomcat server.xml:
<Connector port="9080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="9443" acceptCount="100"
connectionTimeout="60000" disableUploadTimeout="true" />
Also, once the error occurs, I have to start a new browser for the error to disappear as it continues to show even on a refresh. Secondly, I am using htaccess to rewrite the url. Don't know if this has any impact on the error?
EDIT:
My server is running on 150mb of free memory at normal times and can drop quite low but not at the exact times of the above error. Would this cause such an error?
I would appreciate any ideas people have.
Thank you.
This was an issue with Pear Mailer.
We were using Pear Mailer which uses a queue to stack emails ready for sending with a cron job. There was an error in the Pear script which was being called on every action on our site (making posts, sending messages etc..). Pear was crashing which in turn crashed the browser resulting in the above errors.
Disabling Pear resolved the problem, and tweaking the code got it working again.
It took so long to find the issue as we never thought Pear Mailer could cause such a response.
We had a similar problem on our server after a MySQL crash, and the only solution was to restart the server.