gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error) - apache

I'm trying to set up Kerberos authentication on Apache 2.2.15-30 (CentOS 6.5), and am facing an issue that I'm not able to debug or solve. I can see the TGS request in the KDC log and Firefox sends the correct Authorization: Negotiate header, but something in Apache goes wrong and I'm getting an HTTP 500.
krb5kdc.log
Jul 02 20:59:03 infa.domain.local krb5kdc[1847](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.218.201: ISSUE: authtime 1404320175, etypes {rep=23 tkt=23 ses=23}, Administrator#DOMAIN.LOCAL for HTTP/infa.domain.local#DOMAIN.LOCAL
Apache error_log
[Wed Jul 02 20:59:01 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1279): [client 192.168.218.1] Acquiring creds for HTTP/infa.domain.local
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1692): [client 192.168.218.1] Verifying client data using KRB5 GSS-API
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1708): [client 192.168.218.1] Client didn't delegate us their credential
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1727): [client 192.168.218.1] GSS-API token of length 941 bytes will be sent back
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1139): [client 192.168.218.1] GSS-API major_status:01020000, minor_status:00000000
[Wed Jul 02 20:59:03 2014] [error] [client 192.168.218.1] gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error)
HTTP dump
GET http://infa.domain.local/server-status HTTP/1.1
Host: infa.domain.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
HTTP/1.1 401 Authorization Required
Date: Wed, 02 Jul 2014 19:32:39 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Negotiate
Content-Length: 484
Connection: close
Content-Type: text/html; charset=iso-8859-1
Proxy-Support: Session-Based-Authentication
GET http://infa.domain.local/server-status HTTP/1.1
Host: infa.domain.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
Authorization: Negotiate YIID5QYGKwYBBQUCoIID2TCCA9WgCjAIBgYrBgEFAgWiggPFBIIDwWCCA70GBisGAQUCBQUBMBChDgQMRE9NQUlOLkxPQ0FMbIIDnTCCA5mhAwIBBaIDAgEMo4IDFzCCAxMwggIvoQMCAQGiggImBIICIm6CAh4wggIaoAMCAQ WhAwIBDqIHAwUAAAAAAKOCAU9hggFLMIIBR6ADAgEFoQ4bDERPTUFJTi5MT0NBTKIhMB+gAwIBAqEYMBYbBmtyYnRndBsMRE9NQUlOLkxPQ0FMo4IBCzCCAQegAwIBEqEDAgEBooH6BIH3jDiOe80e8vCv7Tmsd+t0spncJWnD v99vLDpi5PYc1Gj8vGH7xJxnz4dsr6WavFLmgYCRnvrF+Y+lU/QVF/AUNiqIG7ifGAJGD4IKHzcyYfNo9BLlNBGBckLdIhC3o2G8VfHWxv+Zo6DNfZUJsIVfoN2bls2C8K9K2pv/qd/FHR96+3JpCkRSb2tKqh2VQBA2mplvJML38nvHQkp5Y0rHQ ecbc0bHns1ddh/RLIlPcwdy8r7xDx7m5QUWH3gI6nSEhrcd/sIKoRJ88ezcMfqumXq2UxvBdBJAH86q9r9r/t74jXpyDFlRgF/Z6OLMwMdus2AkBNrbiaSBsTCBrqADAgEXooGmBIGj4DUpIRQjvddUEpp7sft5UjlnOPOCia9BSyxYBszOihLHr2D 2B6mL6fmqx7IcAVfVzV66B/gqQ4roAh0z4YKensKtqIAG7au2RsXtYNAjEgUFgh7dEE7kACUFoVB2VUK2mtjuHabbwMZ4gprrRIgDeFqROIhxWasVgxhak6dXQAKGEyvVlGoeLTJTPER5s2tcDRkoVTLFO0hBJxarNI/GTk1e1jCB3aEEAgIAi KKB1ASB0aCBzjCBy6EcMBqgBAIC/3ahEgQQSjwHqwdg2yuvh3nbGzDVuqKBqjCBp6ADAgEXooGfBIGccNThLwiDzyz8cJYPfI6hU505ydEQdRt6N036ZZ98Y49YfV+WWpCgXxhmL/8zhilAC2mQi5cvE5XOJOzGrWHnzl6AO1KfJQKjvogV zrFhdoPMVssGnBkrD40fsIA2uPJ2e0OeKRC/tOizUg8tVIdhkoivnh69Q1BDAx3JFjx3txRtDoSZHz6x4mlBSs72xFIlIkA7yhXH+nmml4yfpHIwcKAHAwUAUIEAAKIOGwxET01BSU4uTE9DQUyjJDAioAMCAQOhGzAZGwRIVFRQGxFpbmZh LmRvbWFpbi5sb2NhbKURGA8yMDE0MDcwMzAyNTYxNlqnBgIEU7ReW6gUMBICARICARECARACARcCARkCARo=
HTTP/1.1 500 Internal Server Error
Date: Wed, 02 Jul 2014 19:32:42 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Negotiate oYIDqTCCA6WgAwoBAaEIBgYrBgEFAgWiggOSBIIDjgUBMBChDgQMRE9NQUlOLkxPQ0FMbYIDdjCCA3KgAwIBBaEDAgENooHVMIHSMIHPoQQCAgCIooHGBIHDoIHAMIG9oIG6MIG3oAMCAReiga8Egawhq77nnFYKOC2elIoQEMv 3HoPncmPLVp6/yr+HtLIuoyAsAUdbvyXars5ixGdPlg1IaceQQ3ThVvvsRthV86O4M2l55LfhlfIINZr7xQks3EKTAEA1OfsggBXdmShHV/29W2iLaQP60BvBlYCOGePMyMKp8jcgdNUQ6jLqq6No0Qk7Kro8IIjESMmVR3BAndbUfpDNYqO+IxY am/pl96xCQgu4iNznoglrYBf7ow4bDERPTUFJTi5MT0NBTKQaMBigAwIBAaERMA8bDUFkbWluaXN0cmF0b3KlggFjYYIBXzCCAVugAwIBBaEOGwxET01BSU4uTE9DQUyiJDAioAMCAQOhGzAZGwRIVFRQGxFpbmZhLmRvbWFpbi5sb 2NhbKOCARwwggEYoAMCARehAwIBAaKCAQoEggEGyeo+gzn7hHLgwIGfZiT3kfiua+yD1d0EDhyoAmctFzukkw7xqdyMZn+gfDna6O0WI7TC6Yv2pQqg1Ph76SZ11ZQu4xXn4FBPu3G9LwbPUxN9+cohhCTPmAX6SLyNu7n9UAKLsccjb kLq8HJjUgzfLus6AqUeerqjc3eSyr+r1onfQSL9JCNtpOUWtuxGIThTQfOXEYVlVyjMi37bnAFPMrxPERL/7m3vYm3x60HBu5KHy7xfbab8jftIsr33Z/2nnMxNi5LjqVBail4BpZiuRCMmko566KSLKWRSpvr6x/YUR5TPmhXjO3YGdi2VucDn6QW t81q2dQSYvAQnbuHDL84IQUY126aB+jCB96ADAgEXooHvBIHsmFwxE55S5Gi5VkPG0cS11MHsQvllqJAIxGMkzakyyYCfMKCpHFfyIf/2bIGPvSyCCWOqFxnMOA1a/c2d3eUk6Yr+H5c8PDFePxVbKijvZRVRVJ1pAifpm9kUoKcGMo0SH 9m0H4yu94/ESE7QbEcx7pQac1Udq894rgF7OmnQXZZ6mX2VUrIb0xHxaaj9oR8+zC8vGWyyqVSZhtURxQ8Anr+MifqWKPP2QpWFohptl/zl8bYmMqs1nEH3TIe1wvtOgeqGh6KumbC4rc9IVCN8rx+3XCVr/2BM27nURT21MUzwU1tbpQM LSqT0gFE=
Content-Length: 617
Connection: close
Content-Type: text/html; charset=iso-8859-1
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
DOMAIN.LOCAL = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
forwardable = true
proxiable = true
supported_enctypes = rc4-hmac:normal
}
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
proxiable = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
[realms]
DOMAIN.LOCAL = {
kdc = infa.domain.local:88
admin_server = infa.domain.local:749
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
auth_kerb.conf
LoadModule auth_kerb_module modules/mod_auth_kerb.so
<Location /server-status>
#SSLRequireSSL
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbAuthRealms DOMAIN.LOCAL
Krb5KeyTab /etc/httpd/conf/http.keytab
KrbServiceName HTTP/infa.domain.local
require valid-user
</Location>
klist -e -k /etc/httpd/conf/http.keytab
Keytab name: FILE:/etc/httpd/conf/http.keytab
KVNO Principal
---- --------------------------------------------------------------------------
0 HTTP/infa.domain.local#DOMAIN.LOCAL (arcfour-hmac)
Does anyone have an idea of what the problem might be? I'd be very thankful for any comments.
Thank you,
Martin

I got this exact message when the client's clock skew was too great. Setting the clock (and enabling ntp :-) got it working.
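The `major_status:01020000` value in the question's error_log can be read field by field. The following is an added example, not code from the original posts or from mod_auth_kerb: it splits a GSS-API major status word into the calling-error, routine-error and supplementary fields defined in RFC 2744. The two sample lines are copied from the log above; the function names are illustrative.

```python
import re

# Layout of a GSS-API major status word (RFC 2744):
#   bits 24-31: calling error, bits 16-23: routine error, bits 0-15: supplementary info
CALLING_ERRORS = {
    1: "GSS_S_CALL_INACCESSIBLE_READ",   # "A required input parameter could not be read"
    2: "GSS_S_CALL_INACCESSIBLE_WRITE",
    3: "GSS_S_CALL_BAD_STRUCTURE",
}
ROUTINE_ERRORS = {
    1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
    4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_SIG",
    7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
    12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
    15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
    17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN",
}
SUPPLEMENTARY_BITS = {
    0x01: "GSS_S_CONTINUE_NEEDED", 0x02: "GSS_S_DUPLICATE_TOKEN",
    0x04: "GSS_S_OLD_TOKEN", 0x08: "GSS_S_UNSEQ_TOKEN", 0x10: "GSS_S_GAP_TOKEN",
}

# Debug line format written by mod_auth_kerb, as it appears in the question.
STATUS_RE = re.compile(
    r"GSS-API major_status:([0-9A-Fa-f]{8}), minor_status:([0-9A-Fa-f]{8})")


def _name(table, code):
    """Symbolic name for a field value; 0 means the field is not set."""
    if code == 0:
        return None
    return table.get(code, "unknown(%d)" % code)


def decode_major_status(word):
    """Split a 32-bit major status word into its three RFC 2744 fields."""
    calling = (word >> 24) & 0xFF
    routine = (word >> 16) & 0xFF
    supplementary = word & 0xFFFF
    return {
        "calling_error": _name(CALLING_ERRORS, calling),
        "routine_error": _name(ROUTINE_ERRORS, routine),
        "supplementary": [name for bit, name in sorted(SUPPLEMENTARY_BITS.items())
                          if supplementary & bit],
        # Same condition as the GSS_ERROR() macro: either error field is non-zero.
        "is_error": bool(calling or routine),
    }


def scan_error_log(lines):
    """Return (major_hex, minor_value, decoded) for every status line found."""
    found = []
    for line in lines:
        match = STATUS_RE.search(line)
        if match:
            major = int(match.group(1), 16)
            # minor_status is mechanism-specific and is reported as-is.
            found.append((match.group(1), int(match.group(2), 16),
                          decode_major_status(major)))
    return found


# Sample input: two lines copied from the Apache error_log in the question.
SAMPLE_LOG = [
    "[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1139): [client 192.168.218.1] "
    "GSS-API major_status:01020000, minor_status:00000000",
    "[Wed Jul 02 20:59:03 2014] [error] [client 192.168.218.1] gss_display_name() failed: "
    "A required input parameter could not be read: An invalid name was supplied (, Unknown error)",
]

if __name__ == "__main__":
    for major_hex, minor, decoded in scan_error_log(SAMPLE_LOG):
        print(major_hex, minor, decoded)
```

The two decoded fields correspond to the two halves of the logged message: the calling error is the "required input parameter could not be read" part and the routine error is the "invalid name was supplied" part.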


Scraping API protected by Imperva

I want to scrape an API protected by the "Imperva" company; they use X-D-Token in the request header, and visid_incap_ incap_ses_* in the response header.
Now with a datacenter proxy I get 200 response each 50 429 HTTP response, even if I use only one concurrent request, but with a residential proxy I get 200.
Is there any solution to bypass this protection by using only a datacenter proxy?
This is the request:
GET /api/magasins/72/navigation-content/ HTTP/2
Host: api.cora.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/91.0.4472.114 Safari/537.36
Accept: application/vnd.api.v1+json
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Cora-Auth: apidrive
App-Id: 1
App-Signature: BROWSER;WEB;91.0.4472.114;;1.25.0;1;2;Chrome;1080;1920
X-D-Token: 3:R3wmbBvTR1D6vDBmzCLerA==:qzf5V/qwmQQShcP5/cFIjM/goahseigjk/Xs2H5btwW5kCw+nLSNStvZUdugaCm1WIVl4vGCwXFf8Te0GueaZV3koYe2oCe7YiDelKihZ5LSVVz3T6uNKMaOxpSFD+CIP6usg48ioqTCv/Wme5hdCQ8n7b5qR25xWKhFCYesCoYZnen2LHVOVnMWde6AkItRarRDG5IcEUW0XYyojX9i+XL6X3Mgnynvsb7l6wVVW4AruNE80MiLkSgo2XHlh3SBFArXBdBvvyKUpfRUGZokMqYDIS03w/ShB1OJ4KUfKs6Wu1hrNCZlY3N8RTE/S8oYAsjpagWzQwTuCTwCLtYv+48kvXRIihtHC1IQ5nRPsd7s4TuanGYsYDjm3CMaUpvA+pQIqLTiLUYdG+lIMfYXUpQpGOXC+2gF69yxyFQbtxpbluv7NsHELoaaLQHvoYKI:JA3UaEpTRK6Wjf6b6yXbvJ28p7vjimPImMsmAN8GEmI=
Uuid: 2bb3d0ad-04c1-485a-a98d-4ac3d753fd1b
Origin: https://www.cora.fr
Referer: https://www.cora.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Te: trailers
This is the 429 response:
HTTP/2 429 Too Many Requests
Date: Mon, 27 Sep 2021 13:08:36 GMT
Content-Type: application/json
Server: api.cora.fr
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.cora.fr
Vary: Origin
Set-Cookie: nlbi_2346747=ozjvaL0oPg66DB86rtkoMQAAAAA9QXZBJ+NCBIVB3SmXJNXF; path=/;
Domain=.cora.fr; Secure; SameSite=None
Set-Cookie:
visid_incap_2346747=70eYj3uqQcKlyni2K4A651PCUWEAAAAAQUIPAAAAAAD3srVYiHapPbOcjTfZu3h0;
expires=Tue, 27 Sep 2022 10:34:34 GMT; HttpOnly; path=/; Domain=.cora.fr; Secure;
SameSite=None
Set-Cookie:
incap_ses_1099_2346747=FIAFfin/tmOLYnuIJm9AD1PCUWEAAAAA/xhZaPz5UshGvjEiQfzp2w==;
path=/; Domain=.cora.fr; Secure; SameSite=None
X-Cdn: Imperva
X-Iinfo: 0-27795484-27795152 pNYN RT(1632748115671 0) q(0 0 0 0) r(1 1) U5
{"message": "429 Too Many Requests","429}
This is the header of the 200 response:
HTTP/2 200 OK
Content-Type: application/json
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Mon, 27 Sep 2021 14:13:10 GMT
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 9
X-Ratelimit-Reset:
Etag: W/"09af7903630eefe87a18365ff527e6917bac5da1"
Server: api.cora.fr
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.cora.fr
Vary: Origin
Set-Cookie:
nlbi_2346747=FsJOKpMDRQqeSktYrtkoMQAAAADB426mJ/c0BiDBDsyETwFU;
path=/; Domain=.cora.fr; Secure; SameSite=None
Set-Cookie: visid_incap_2346747=Dsbf9nV0RN+yazh0zGE893bRUWEAAAAAQUIPAAAAAAD6RV43J8UcxEZJHt07UrHN; expires=Tue, 27 Sep 2022 08:49:53 GMT; HttpOnly; path=/; Domain=.cora.fr; Secure; SameSite=None;
Set-Cookie: incap_ses_476_2346747=qsgAeXWGFRc+6OUn+BebBnbRUWEAAAAAimqhOCYEdQHug9mxUEC0wA==; path=/; Domain=.cora.fr; Secure; SameSite=None
X-Cdn: Imperva
X-Iinfo: 10-120722009-120615528 pNNN RT(1632751989673 0) q(0 0 0 -1) r(4 4) U5

New to VBA : MSXML2.XMLhttp strips session cookies from POST response

I am very new to VBA and trying to scrape through a website. So far I have been able to get cookies from initial get request and use them in POST for a successful login. The next step is to capture the session and user cookies and use them in the subsequent requests.
Unfortunately, this is where my problem begins.
Post successful login I am using .getAllResponseHeaders() to capture all headers but it seems the two cookies (Set-Cookie: xf_user AND Set-Cookie: xf_session) are missing and hence I am not able to capture them for later use. For comparison and easier understanding, I am posting the fiddler (correct) response and response captured by vba (incorrect).
I am not sure what I am doing wrong. Please suggest any options, I am happy to take an alternate approach. I am sure I am very close to success, just need your expert advice.
Fiddler Response
HTTP/1.1 303 See Other
Date: Thu, 30 Apr 2020 04:55:14 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 30 Apr 2020 04:55:24 GMT
Location: https://f95zone.to/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Set-Cookie: xf_user=19872%2CUsOoxkBS4bzvLttbYhWkicE-JFQ-vBWo2L68LEVS; expires=Fri, 30-Apr-2021 04:55:24 GMT; Max-Age=31536000; path=/; secure; HttpOnly
Set-Cookie: xf_session=nlJRIrZOrbAiQGVAo_wRJhDSKBsy7wKz; path=/; secure; HttpOnly
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 58beab553a76fea5-MEL
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 026b0969420000fea583bd8200000001
Content-Length: 0
VBA Response
date: Thu, 30 Apr 2020 13:47:02 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 13:47:01 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri=""https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct""
server: cloudflare
cf-ray: 58c1b6504d3dfe8d-MEL
alt-svc: h3-27="":443""; ma=86400, h3-25="":443""; ma=86400, h3-24="":443""; ma=86400, h3-23="":443""; ma=86400
cf-request-id: 026cf0462f0000fe8d47804200000001
Snippet From My Code
Set objXMLHTTPSearch = CreateObject("MSXML2.XMLHTTP")
objXMLHTTPSearch.Open "POST", "https://f95zone.to/login/login", False
objXMLHTTPSearch.setRequestHeader "Accept", "text/html, application/xhtml+xml, image/jxr, */*"
objXMLHTTPSearch.setRequestHeader "Accept-Language", "en-US"
objXMLHTTPSearch.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
objXMLHTTPSearch.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
objXMLHTTPSearch.setRequestHeader "Accept-Encoding", "gzip, deflate"
objXMLHTTPSearch.setRequestHeader "Host", "f95zone.to"
objXMLHTTPSearch.setRequestHeader "Content-Length", Len(dataSTR)
objXMLHTTPSearch.setRequestHeader "Connection", "Keep-Alive"
objXMLHTTPSearch.setRequestHeader "Cache-Control", "no-cache"
objXMLHTTPSearch.withCredentials = True
objXMLHTTPSearch.send dataSTR
statusSearch = objXMLHTTPSearch.status
fetchHeader = objXMLHTTPSearch.getAllResponseHeaders()

Jsessionid Jmeter after login to site

What should I do to correlate so I can use different logins in JMeter? I have already parameterized the value. I am getting stuck with this JSESSIONID.
Sample Count: 1
Error Count: 0
Data type ("text"|"bin"|""): text
Response code: 200
Response message: OK
Response headers:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-AREQUESTID: 340x9129744x1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-ASEN: SEN-1047238
Set-Cookie: atlassian.xsrf.token=AVWR-AYBS-V3UU-QQRS|fef17187ee7e13e93c498a08e44fb5c2b90aba75|lout; Path=/
X-AUSERNAME: anonymous
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=3075A3A258CBA5D6131F724E3C0800CC; Path=/; HttpOnly
X-Accel-Buffering: no
Vary: User-Agent
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Sun, 07 Oct 2018 09:40:27 GMT
Content-Encoding: gzip
HTTPSampleResult fields:
ContentType: text/html;charset=UTF-8
DataEncoding: UTF-8

Apache 2.4.10 + mod_proxy_fcgi + PHP-FPM with CHROOT => 404 Error

First of all I've tried to set up a basic configuration for Apache 2.4, mod_proxy_fcgi and PHP-FPM on a Debian Jessie (Testing) machine.
Everything works fine when opening .php-files.
However, if I activate chroot for PHP-FPM I only get a "File not found." message inside my browser.
Configuration
partial content of apache2.conf
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
</FilesMatch>
content of /var/www/html
x1#vm1:~$ ls -l /var/www/html/
-rw-r--r-- 1 www-data www-data 19 Jan 15 23:37 index.php
partial content of /etc/php5/fpm/pool.d/www*
prefix = /var/www/html
chroot = $prefix
chdir = /
catch_workers_output = yes
Steps / logfiles for searching the error
Apache error.log
[proxy_fcgi:error] [pid 12615:tid 140653535131392] [client 1.2.3.4:123] AH01071: Got error 'Primary script unknown\n'
Apache Access.log
1.2.3.4- - [16/Jan/2015:01:22:58 +0100] "GET /index.php HTTP/1.1" 404 365 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
php5-fpm.log
[16-Jan-2015 01:22:55] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful
[16-Jan-2015 01:22:56] NOTICE: fpm is running, pid 12781
[16-Jan-2015 01:22:56] NOTICE: ready to handle connections
[16-Jan-2015 01:22:56] NOTICE: systemd monitor interval set to 10000ms
Apache error.log with loglevel trace8 and PHP5-FPM chroot on
[core:trace6] [pid 9794:tid 140072171042560] core_filters.c(527): [client 1.2.3.4:61149] core_output_filter: flushing because of FLUSH bucket
[core:trace5] [pid 9794:tid 140072332166912] protocol.c(618): [client 1.2.3.4:61152] Request received from client: GET /index.php HTTP/1.1
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(301): [client 1.2.3.4:61152] Headers received from client:
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] Host: example.com
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] Connection: keep-alive
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] Cache-Control: max-age=0
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] Accept-Encoding: gzip, deflate, sdch
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152] Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
[authz_core:debug] [pid 9794:tid 140072332166912] mod_authz_core.c(809): [client 1.2.3.4:61152] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 9794:tid 140072332166912] mod_authz_core.c(809): [client 1.2.3.4:61152] AH01626: authorization result of <RequireAny>: granted
[core:trace3] [pid 9794:tid 140072332166912] request.c(238): [client 1.2.3.4:61152] request authorized without authentication by access_checker_ex hook: /index.php
[proxy:trace2] [pid 9794:tid 140072332166912] proxy_util.c(1938): [client 1.2.3.4:61152] *: found reverse proxy worker for unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/html/index.php
[proxy:trace2] [pid 9794:tid 140072332166912] proxy_util.c(1972): [client 1.2.3.4:61152] *: rewrite of url due to UDS(/var/run/php5-fpm.sock): fcgi://localhost/var/www/html/index.php (proxy:fcgi://localhost/var/www/html/index.php)
[proxy:debug] [pid 9794:tid 140072332166912] mod_proxy.c(1155): [client 1.2.3.4:61152] AH01143: Running scheme unix handler (attempt 0)
[proxy_fcgi:debug] [pid 9794:tid 140072332166912] mod_proxy_fcgi.c(786): [client 1.2.3.4:61152] AH01076: url: fcgi://localhost/var/www/html/index.php proxyname: (null) proxyport: 0
[proxy_fcgi:debug] [pid 9794:tid 140072332166912] mod_proxy_fcgi.c(793): [client 1.2.3.4:61152] AH01078: serving URL fcgi://localhost/var/www/html/index.php
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2131): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2184): [client 1.2.3.4:61152] AH00944: connecting fcgi://localhost/var/www/html/index.php to localhost:8000
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2217): [client 1.2.3.4:61152] AH02545: fcgi: has determined UDS as /var/run/php5-fpm.sock
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2385): [client 1.2.3.4:61152] AH00947: connected /var/www/html/index.php to httpd-UDS:0
[proxy_fcgi:error] [pid 9794:tid 140072332166912] [client 1.2.3.4:61152] AH01071: Got error 'Primary script unknown\n'
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(522): [client 1.2.3.4:61152] Headers from script 'index.php':
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152] Status: 404 Not Found
[proxy_fcgi:trace1] [pid 9794:tid 140072332166912] util_script.c(602): [client 1.2.3.4:61152] Status line from script 'index.php': 404 Not Found
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152] X-Powered-By: PHP/5.6.4-4
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152] Content-type: text/html; charset=UTF-8
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2146): AH00943: FCGI: has released connection for (*)
[headers:trace2] [pid 9794:tid 140072332166912] mod_headers.c(874): AH01502: headers: ap_headers_output_filter()
[http:trace3] [pid 9794:tid 140072332166912] http_filters.c(1045): [client 1.2.3.4:61152] Response sent with status 404, headers:
[http:trace5] [pid 9794:tid 140072332166912] http_filters.c(1052): [client 1.2.3.4:61152] Date: Thu, 15 Jan 2015 23:54:44 GMT
[http:trace5] [pid 9794:tid 140072332166912] http_filters.c(1055): [client 1.2.3.4:61152] Server: Apache
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] X-Powered-By: PHP/5.6.4-4
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] X-Frame-Options: SAMEORIGIN
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] X-XSS-Protection: 1; mode=block
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] X-Content-Security-Policy: allow 'self';
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] X-Frame-Options: DENY
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] Content-Length: 16
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] Keep-Alive: timeout=5, max=100
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] Connection: Keep-Alive
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152] Content-Type: text/html; charset=UTF-8
Apache error.log with loglevel trace8 and PHP5-FPM chroot off
[core:trace5] [pid 9794:tid 140072323774208] protocol.c(618): [client 1.2.3.4:61135] Request received from client: GET /index.php HTTP/1.1
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(301): [client 1.2.3.4:61135] Headers received from client:
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] Host: example.com
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] Connection: keep-alive
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] Cache-Control: max-age=0
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] Accept-Encoding: gzip, deflate, sdch
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135] Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
[authz_core:debug] [pid 9794:tid 140072323774208] mod_authz_core.c(809): [client 1.2.3.4:61135] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 9794:tid 140072323774208] mod_authz_core.c(809): [client 1.2.3.4:61135] AH01626: authorization result of <RequireAny>: granted
[core:trace3] [pid 9794:tid 140072323774208] request.c(238): [client 1.2.3.4:61135] request authorized without authentication by access_checker_ex hook: /index.php
[proxy:trace2] [pid 9794:tid 140072323774208] proxy_util.c(1938): [client 1.2.3.4:61135] *: found reverse proxy worker for unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/html/index.php
[proxy:trace2] [pid 9794:tid 140072323774208] proxy_util.c(1972): [client 1.2.3.4:61135] *: rewrite of url due to UDS(/var/run/php5-fpm.sock): fcgi://localhost/var/www/html/index.php (proxy:fcgi://localhost/var/www/html/index.php)
[proxy:debug] [pid 9794:tid 140072323774208] mod_proxy.c(1155): [client 1.2.3.4:61135] AH01143: Running scheme unix handler (attempt 0)
[proxy_fcgi:debug] [pid 9794:tid 140072323774208] mod_proxy_fcgi.c(786): [client 1.2.3.4:61135] AH01076: url: fcgi://localhost/var/www/html/index.php proxyname: (null) proxyport: 0
[proxy_fcgi:debug] [pid 9794:tid 140072323774208] mod_proxy_fcgi.c(793): [client 1.2.3.4:61135] AH01078: serving URL fcgi://localhost/var/www/html/index.php
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2131): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2184): [client 1.2.3.4:61135] AH00944: connecting fcgi://localhost/var/www/html/index.php to localhost:8000
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2217): [client 1.2.3.4:61135] AH02545: fcgi: has determined UDS as /var/run/php5-fpm.sock
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2385): [client 1.2.3.4:61135] AH00947: connected /var/www/html/index.php to httpd-UDS:0
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(522): [client 1.2.3.4:61135] Headers from script 'index.php':
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(523): [client 1.2.3.4:61135] X-Powered-By: PHP/5.6.4-4
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(523): [client 1.2.3.4:61135] Content-type: text/html; charset=UTF-8
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/xml'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/rss+xml'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/x-javascript'
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/javascript'
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/ecmascript'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'text/css'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(175): [client 1.2.3.4:61135] ... matched 'text/html'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' matched
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2146): AH00943: FCGI: has released connection for (*)
[headers:trace2] [pid 9794:tid 140072323774208] mod_headers.c(874): AH01502: headers: ap_headers_output_filter()
[http:trace3] [pid 9794:tid 140072323774208] http_filters.c(1045): [client 1.2.3.4:61135] Response sent with status 200, headers:
[...]
[http:trace5] [pid 9794:tid 140072323774208] http_filters.c(1052): [client 1.2.3.4:61135] Date: Thu, 15 Jan 2015 23:53:47 GMT
[http:trace5] [pid 9794:tid 140072323774208] http_filters.c(1055): [client 1.2.3.4:61135] Server: Apache
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] X-Powered-By: PHP/5.6.4-4
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] X-Frame-Options: SAMEORIGIN
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] Vary: Accept-Encoding
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] X-XSS-Protection: 1; mode=block
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] X-Content-Security-Policy: allow 'self';
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] X-Frame-Options: DENY
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] Content-Length: 2
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] Keep-Alive: timeout=5, max=100
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] Connection: Keep-Alive
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135] Content-Type: text/html; charset=UTF-8
As you can see, there is no difference between those two up to the line
AH00947: connected /var/www/html/index.php to httpd-UDS:0
.
Has anyone encountered a similar problem and knows a solution?
Furthermore I've data from tcpdump (while PHP5-FPM was listening on a TCP port instead of using a socket) and I've data from sniffing the socket.
If those are needed please let me know - I didn't want to make the question too large.
Edit:
I've done some further research in the hope of localizing the problem.
Maybe this helps us further...
PHP-FPM Status page
strace on the worker process (chroot = off)
accept(0, {sa_family=AF_INET, sin_port=htons(50759), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
clock_gettime(CLOCK_MONOTONIC, {1397, 223489054}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718096640
poll([{fd=5, events=POLLIN}], 1, 5000) = 1 ([{fd=5, revents=POLLIN}])
read(5, "\1\1\0\1\0\10\0\0", 8) = 8
read(5, "\0\1\1\0\0\0\0\0", 8) = 8
read(5, "\1\4\0\1\3\341\0\0", 8) = 8
read(5, "\t\30UNIQUE_IDVLmGr38AAQEAAAVjkB4AAAAE\21\1proxy-nokeepalive1\t&HTTP_HOSTexample.com\17\nHTTP_CONNECTIO"..., 993) = 993
read(5, "\1\4\0\1\0\0\0\0", 8) = 8
lstat("/var/www/html/index.php", {st_mode=S_IFREG|0644, st_size=538, ...}) = 0
lstat("/var/www/html", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
strace on the worker process (chroot = on)
accept(0, {sa_family=AF_INET, sin_port=htons(50751), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
clock_gettime(CLOCK_MONOTONIC, {1208, 313176419}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718077750
poll([{fd=5, events=POLLIN}], 1, 5000) = 1 ([{fd=5, revents=POLLIN}])
read(5, "\1\1\0\1\0\10\0\0", 8) = 8
read(5, "\0\1\1\0\0\0\0\0", 8) = 8
read(5, "\1\4\0\1\3\341\0\0", 8) = 8
read(5, "\t\30UNIQUE_IDVLmF8n8AAQEAAAVjkB0AAAAS\21\1proxy-nokeepalive1\t&HTTP_HOSTexample.com\17\nHTTP_CONNECTIO"..., 993) = 993
read(5, "\1\4\0\1\0\0\0\0", 8) = 8
lstat("/var/www/html/index.php", 0x7fff98aa5d20) = -1 ENOENT (No such file or directory)
stat("/var/www/html", 0x7fff98aa8160) = -1 ENOENT (No such file or directory)
stat("/var/www", 0x7fff98aa8160) = -1 ENOENT (No such file or directory)
stat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("", 0x7fff98aa8160) = -1 ENOENT (No such file or directory)
When you are using the directive
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
</FilesMatch>
the script path sent to the proxy is the full path of the file matched by FilesMatch, but this path does not exist in the chroot.
Setting doc_root in php.ini solves this problem.
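
What the worker receives and why its lookup fails, as an added example that is not code from the original post: it decodes FCGI_PARAMS records like the ones visible in the strace output and shows where the path resolves once the worker is chrooted. The /var/www chroot, the sample bytes and the assumption that the script path travels in SCRIPT_FILENAME are constructed for illustration.

```python
import posixpath
import struct

FCGI_PARAMS = 4  # FastCGI record type that carries the CGI environment
def _length(buf, i):
    """Decode one length field: 1 byte if < 128, else 4 bytes with the high bit set."""
    if buf[i] < 128:
        return buf[i], i + 1
    return struct.unpack_from(">I", buf, i)[0] & 0x7FFFFFFF, i + 4

def decode_params(stream):
    """Return the name/value pairs carried by all FCGI_PARAMS records in a byte stream."""
    body, pos = b"", 0
    while pos + 8 <= len(stream):
        _ver, rtype, _rid, clen, plen, _rsv = struct.unpack_from(">BBHHBB", stream, pos)
        if pos + 8 + clen > len(stream):
            raise ValueError("truncated FastCGI record")
        if rtype == FCGI_PARAMS:
            body += stream[pos + 8:pos + 8 + clen]
        pos += 8 + clen + plen
    env, i = {}, 0
    try:
        while i < len(body):
            nlen, i = _length(body, i)
            vlen, i = _length(body, i)
            if i + nlen + vlen > len(body):
                raise ValueError("truncated name/value pair")
            env[body[i:i + nlen].decode()] = body[i + nlen:i + nlen + vlen].decode()
            i += nlen + vlen
    except (IndexError, struct.error):
        raise ValueError("truncated length field") from None
    return env

def chroot_view(script_filename, chroot):
    """Return (host path a chrooted worker ends up opening, path valid inside the chroot or None)."""
    script, root = posixpath.normpath(script_filename), posixpath.normpath(chroot)
    opened = posixpath.join(root, script.lstrip("/"))
    if posixpath.commonpath([root, script]) != root:
        return opened, None  # the script is not under the chroot at all
    return opened, posixpath.normpath("/" + posixpath.relpath(script, root))

def make_record(rtype, content):  # helper used to build the constructed sample
    return struct.pack(">BBHHBB", 1, rtype, 1, len(content), 0, 0) + content

# Constructed sample: BEGIN_REQUEST, one PARAMS record, empty PARAMS terminator.
PAIRS = b"\x0f\x17SCRIPT_FILENAME/var/www/html/index.php\x09\x0bHTTP_HOSTexample.com"
SAMPLE = make_record(1, b"\0\1\1\0\0\0\0\0") + make_record(4, PAIRS) + make_record(4, b"")

if __name__ == "__main__":
    print(chroot_view(decode_params(SAMPLE)["SCRIPT_FILENAME"], "/var/www"))
```

The first element of the result is the host path a chrooted worker ends up opening when it is handed the unchanged host path; the second is the path that exists from inside the chroot.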

Fonts not loading when using a subdomain

My project has a problem loading a custom font via font-face. This is happening only when I use my subdomain (static.domain.com) for static resources.
The HTTP server response is 200/OK, but the request in Chrome DevTools is red and the size is shown as 0 bytes, and I cannot understand why.
My css for loading the fonts:
@font-face {
font-family: 'flexslider-icon';
src:url('fonts/flexslider-icon.eot');
src:url('fonts/flexslider-icon.eot?#iefix') format('embedded-opentype'),
url('fonts/flexslider-icon.woff') format('woff'),
url('fonts/flexslider-icon.ttf') format('truetype'),
url('fonts/flexslider-icon.svg#flexslider-icon') format('svg');
font-weight: normal;
font-style: normal;
}
Headers of the HTTP request without subdomain:
Remote Address:server-ip:80
Request URL:http://domain.com/resources/vendor/flexslider/fonts/flexslider-icon.ttf
Request Method:GET
Status Code:200 OK
[Request Headers]
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:42099b4af021e53fd8fd4e056c2568d7c2e3ffa8=47a0eb41255ef509f4f834a20b5e0a80; WEBSITE_LANGUAGE_ID=1; WEBSITE_LANGUAGE_CODE=pt-br; _gat=1; 2796f347b370f841cf4073d1b3834ec019e6d2f4=d37cabbc36cfaa34508ce57a4ed237e8; __utma=65801017.1238778210.1411492809.1411492809.1411492809.1; __utmb=65801017.10.10.1411492809; __utmc=65801017; __utmz=65801017.1411492809.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __zlcmid=Qye50l3YnSWoJv; WEBSITE_FORM_NEWS_TOKEN=%3DAFVxIkVWpVYWxmSW5UVkpWVwA3VVpmRSJlRalVUtVTVUFjWzV1aaNlYHpkdTxmVaN2aKVVVB1TP
Host:domain.com
Pragma:no-cache
Referer:http://domain.com/resources/build/all.css?v=1411407970
User-Agent:Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
[Response Headers]
Accept-Ranges:bytes
Cache-Control:max-age=2592000
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:1201
Content-Type:font/ttf
Date:Tue, 23 Sep 2014 17:43:42 GMT
Expires:Thu, 23 Oct 2014 17:43:42 GMT
Keep-Alive:timeout=5, max=96
Last-Modified:Mon, 23 Jun 2014 20:51:58 GMT
Server:Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 SVN/1.6.11 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary:Accept-Encoding
Headers of the HTTP request with subdomain:
Remote Address:server-ip:80
Request URL:http://static.domain.com/resources/vendor/flexslider/fonts/flexslider-icon.ttf
Request Method:GET
Status Code:200 OK
[Request Headers]
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Host:static.domain.com
Origin:http://domain.com
Pragma:no-cache
Referer:http://static.domain.com/resources/build/all.css?v=1411407970
User-Agent:Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
[Response Headers]
Accept-Ranges:bytes
Cache-Control:max-age=2592000
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:1201
Content-Type:font/ttf
Date:Tue, 23 Sep 2014 17:45:08 GMT
Expires:Thu, 23 Oct 2014 17:45:08 GMT
Keep-Alive:timeout=5, max=97
Last-Modified:Mon, 23 Jun 2014 20:51:58 GMT
Server:Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 SVN/1.6.11 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary:Accept-Encoding
The only notable difference between the requests is the cookies: with the subdomain, the cookies are not in the request (recall that this is the goal of using a subdomain for requests for static resources).
As answered by @aalih in the comments, the solution is here:
@font-face fonts only work on their own domain
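
The header dumps above, checked the way a browser applies CORS to a cross-origin font fetch, as an added example that is not part of the original post. Access-Control-Allow-Origin is the standard CORS response header and is not named on the page; the header text is abbreviated from the dumps above, and treating a request without an Origin header as same-origin is a simplification for reading such dumps.

```python
from urllib.parse import urlsplit

def origin_of(url):
    """Serialise scheme://host[:port], dropping the default port as browsers do."""
    u = urlsplit(url)
    default = {"http": 80, "https": 443}.get(u.scheme)
    port = "" if u.port in (None, default) else f":{u.port}"
    return f"{u.scheme}://{u.hostname}{port}"

def parse_headers(dump):
    """Parse 'Name:value' lines as copied from the DevTools header panel."""
    headers = {}
    for line in dump.strip().splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def font_load_allowed(request_url, request_dump, response_dump):
    """Return (allowed, reason) for a font fetch described by its headers."""
    req, resp = parse_headers(request_dump), parse_headers(response_dump)
    page_origin = req.get("origin")
    if page_origin is None or page_origin == origin_of(request_url):
        return True, "same-origin request, CORS does not apply"
    allow = resp.get("access-control-allow-origin")
    if allow is None:
        return False, f"cross-origin from {page_origin}, no Access-Control-Allow-Origin"
    if allow in ("*", page_origin):
        return True, f"cross-origin, allowed by Access-Control-Allow-Origin: {allow}"
    return False, f"cross-origin, Access-Control-Allow-Origin is {allow}, not {page_origin}"

# Abbreviated from the dumps in the question.
FONT_URL = "http://static.domain.com/resources/vendor/flexslider/fonts/flexslider-icon.ttf"
SUBDOMAIN_REQUEST = "Host:static.domain.com\nOrigin:http://domain.com"
RESPONSE_AS_POSTED = "Content-Type:font/ttf\nVary:Accept-Encoding"
RESPONSE_WITH_CORS = RESPONSE_AS_POSTED + "\nAccess-Control-Allow-Origin:http://domain.com"

if __name__ == "__main__":
    for response in (RESPONSE_AS_POSTED, RESPONSE_WITH_CORS):
        print(font_load_allowed(FONT_URL, SUBDOMAIN_REQUEST, response))
```

Echoing the one page origin, as in the second response, is the narrowest setting; a wildcard is reasonable only for responses that are public and never vary by cookie.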