Apache: multiple ../ in query string = internal server error (error 500) - apache

Here's the problem: when requesting a URL like http://server/path/to/file.html?param=../../something/something I get the response:
500 Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
...
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
The log says:
xxx.xxx.xxx.xxx - - [05/Mar/2010:13:43:29 -0500] "GET /path/to/file.html?param=../../something/something HTTP/1.1" 404 - "-" ...
If I remove one instance of '../' from the query string (requesting http://server/path/to/file.html?param=../something/something), I get the requested page. It gives an error only on two or more '../'s.
This is on some hosting server, and the same thing gives no error on my local servers (LAMP, WAMP). I suppose it's about Apache configuration, but I don't know what options to check.
Apache 2.2.14 (Unix) is in question; PHP is installed (but it clearly doesn't have anything to do with PHP when I'm requesting a plain ol' HTML file); mod_rewrite rules are disabled (no .htaccess files in the requested file's path).
Any ideas on how to succeed in passing multiple '../'s in the query string?

It turned out to be a security precaution enabled by default by the hosting provider (not allowing 'backpaths'), but I'm not sure which one, or where it's set.
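The hoster's filter blocks these requests; the defender's counterpart is spotting them in the access log. The following is an added example (not code from the question or its answer) that parses combined-format log lines, percent-decodes the request target, and flags requests carrying two or more '../' steps in the query string, the threshold observed in the question; the sample log lines and IP addresses are constructed.

```python
import re
from urllib.parse import unquote

# Apache combined-log line: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# One "../" (or "..\") step, checked after percent-decoding.
DOTDOT_RE = re.compile(r'\.\.[/\\]')

def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so a double-encoded %252e%252e%252f is seen too."""
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s

def count_backpaths(target: str) -> dict:
    """Count '../' steps separately in the path and in the query string."""
    path, _, query = target.partition('?')
    return {'path': len(DOTDOT_RE.findall(decode_fully(path))),
            'query': len(DOTDOT_RE.findall(decode_fully(query)))}

def flag_traversal(lines, threshold: int = 2) -> list:
    """Return (ip, target, status, counts) for requests carrying at least
    `threshold` '../' steps in the query string (the point at which the
    hoster's filter in the question starts answering 500) or any in the path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        counts = count_backpaths(m['target'])
        if counts['query'] >= threshold or counts['path'] >= 1:
            hits.append((m['ip'], m['target'], int(m['status']), counts))
    return hits

# Constructed sample lines (documentation IPs) modelled on the one quoted in the question.
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Mar/2010:13:43:29 -0500] "GET /path/to/file.html?param=../../something/something HTTP/1.1" 500 - "-" "curl/7.19"',
    '203.0.113.10 - - [05/Mar/2010:13:43:40 -0500] "GET /path/to/file.html?param=../something/something HTTP/1.1" 200 1532 "-" "curl/7.19"',
    '198.51.100.7 - - [05/Mar/2010:13:44:02 -0500] "GET /index.php?page=%2e%2e%2f%2e%2e%2fsomething HTTP/1.1" 404 - "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2010:13:44:05 -0500] "GET /images/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
]
if __name__ == '__main__':
    for ip, target, status, counts in flag_traversal(SAMPLE_LOG):
        print(f"{ip} {status} query={counts['query']} path={counts['path']} {target}")
```

Lowering `threshold` to 1 also lists the single-'../' request that the hoster let through, which is the setting to use when reviewing what a filter of this kind does not catch.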

Related

404 error doesn't appear in Apache error.log

If a visitor gets a 404 error, nothing is written to the Apache error.log. In the access log it appears like this:
GET /qqq HTTP/1.1" 404 409 "-"
And nothing in error.log. I have tried everything with LogLevel. As I understand it, it is because the 404 page is a custom page like
ErrorDocument 404 /new404.html
But I ran a search through all of /etc/apache2 for the text "404" in files and nothing was found there (apart from commented lines). What can the problem be? Or maybe I can somehow disable the custom 404 page in the .htaccess file? Or are there any other ways to display 404 errors in error.log?
As the person who filed the Apache bug which demoted 404 from Error to Info level as of Apache 2.4.1, here's the justification:
In production HTTP servers open to the Internet, 404s happen all the time. Malware, scanner scripts, and all sorts of other things probe Web servers for vulnerabilities or just because they can, and these things would all trigger errors which will end up being logged somewhere if the appropriate error level is set.
Most production Web server admins are content with seeing 404s in their access logs (which are logged right alongside 200s and 30x redirects), and want to see real server problems -- things they have control over fixing -- in the error log. The logging of 404s in error.log can, in some servers, be so much log spam that it drowns out legitimate problems needing the administrator's attention.
404 is a content issue, not a server issue. So my recommendation is to look in your access.log (or equivalent) for them. If you really want content related issues logged in error.log, you need to set LogLevel core:info. This will give you 404s there, and a few other kinds of content-related error messages too.
404 "errors" don't normally appear in the Apache error log, regardless of whether you have a custom ErrorDocument defined or not.
A 404 error is not strictly a server error. It's an expected HTTP response, so it naturally appears in the access log (as you have stated), not in the error log. The "404" is the HTTP response code, not a server error code.
However, you should be able to enable additional "information" messages in your error logging (e.g. LogLevel info on Apache 2.4) to get this "information" in your system error log:
[Mon Feb 06 08:00:00.090525 2017] [core:info] [pid 13876:tid 1748] [client 203.0.113.111:54493] AH00128: File does not exist: /home/user/public_html/path/to/file
Note, however, that there is no mention of "404", which may be why your searches came up blank. This LogLevel should not be maintained on a production server.
Maybe this helps somebody...
I had zombie apache instances running (with a slightly different config loaded), and every other request for a static resource defined using an Alias was 404-ing.
Killed the zombies and all good...
404 is a server response, not an error.
You can get the 404 log by doing something like:
awk '$9 == 404 {print $4, $5, "-", $7}' /var/log/apache2/access_log > /root/404.log
and adjust the awk as you need!

Error Log Configuration confusion

Someone said that Apache shows 503 details in the error log, but my nginx logs 503 errors in access.log.
Are 503 errors supposed to be logged as access or error?
Apache logs 503 errors in the access log, just like nginx.
There's an easy way to test it. Just add this rewrite rule to a temporary website, monitor the access log, and you'll see the 503 request.
RewriteRule .* - [R=503,L]
Actually, 503 errors mean something wrong happened between the server handling the request and the final destination of the request.
Typical scenarios are load balancing or proxy servers. In case you use Apache or nginx to proxy requests to another server and this second server isn't available, a 503 could happen, but there's no error per se on the Apache or nginx side, hence the error being logged as an access.

Bots throw 500 error in apache access log

In my Apache error log I can see the following errors being caught in enormous amounts every day.
[Tue Jan 15 13:37:39 2013] [error] [client 66.249.78.53] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
When I check the corresponding IP, date and time against the access log I can see the following:
66.249.78.53 - - [15/Jan/2013:13:37:39 +0000] "GET /robots.txt HTTP/1.1" 500 821 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
I've tested my robots.txt file in the Google Webmaster tool -> Health -> Blocked URLs and it's fine.
Also, when some images are accessed by bots, it throws the following error:
Error_LOG
[Tue Jan 15 12:14:16 2013] [error] [client 66.249.78.15] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
Accessed_URL
66.249.78.15 - - [15/Jan/2013:12:14:16 +0000] "GET /userfiles_generic_imagebank/1335441506.jpg?1 HTTP/1.1" 500 821 "-" "Googlebot-Image/1.0"
Actually, the above image URL (and several other images in our access log) are not available on our site (they were available before a website revamp that we did in August 2012), and we throw 404 errors when we go to those invalid resources.
However, once in a while, it seems that bots (and even human visitors) generate this type of error in our access/error log, only for static resources like images that don't exist, and our robots.txt file. The server throws a 500 error for them, but actually when I try it from my browser, the images are 404 and the robots.txt is 200 (success).
We are not sure why this is happening and how come a valid robots.txt and an invalid image can throw a 500 error. We do have a .htaccess file and we are sure that our (Zend framework) application is not being reached, because we have a separate log for that. Therefore, the server itself (or .htaccess) is throwing the 500 error "once in a while" and I can't imagine why. Could it be due to too many requests to the server, or how can I debug this further?
Note that we only noticed these errors after our design revamp, but the web server itself stayed the same.
It might be useful to log the domain that the client is accessing. Your server might be accessible via multiple domains, including the raw IP address. When you're testing, you're doing so via the primary domain and everything works as expected. What if you try to access the same files via your IP (http://1.2.3.4/robots.txt) vs. the domain (http://example.com/robots.txt)? Also example.com vs. www.example.com or any other variation that points to the server.
Bots can sometimes hold on to IP/domain info long after an address has changed and may be attempting to access something that the rules were changed for months ago.
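The question matched error_log entries to access_log entries by hand. The following is an added example (not code from the question or its answer) that automates that join: it picks error_log lines mentioning the internal-redirect limit and pairs them with same-client access_log requests of a given status within a one-second window, so the URLs that trip the recursion can be listed and traced back to the responsible Alias or rewrite rule. The sample lines are constructed after the two logs quoted above, with documentation IP addresses; it assumes both logs use the server's local time, as Apache 2.2's error_log carries no timezone.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the error_log and access_log entries
# quoted in the question (documentation addresses, not the ones in the post).
# Assumption: both logs are written in the server's local time.
ERROR_LOG = [
    "[Tue Jan 15 13:37:39 2013] [error] [client 203.0.113.53] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.",
    "[Tue Jan 15 12:14:16 2013] [error] [client 203.0.113.15] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.",
    "[Tue Jan 15 12:14:16 2013] [error] [client 203.0.113.15] File does not exist: /var/www/favicon.ico",
]
ACCESS_LOG = [
    '203.0.113.53 - - [15/Jan/2013:13:37:39 +0000] "GET /robots.txt HTTP/1.1" 500 821 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.15 - - [15/Jan/2013:12:14:16 +0000] "GET /userfiles_generic_imagebank/1335441506.jpg?1 HTTP/1.1" 500 821 "-" "Googlebot-Image/1.0"',
    '203.0.113.15 - - [15/Jan/2013:12:14:16 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Googlebot-Image/1.0"',
    '203.0.113.15 - - [15/Jan/2013:12:20:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Googlebot-Image/1.0"',
]

# Apache 2.2 error_log line and combined-format access_log line.
ERR_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]\s]+)\] (?P<msg>.*)$')
ACC_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\s\]]+) [^\]]*\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def correlate(error_lines, access_lines, needle='internal redirects',
              status=500, window_s=1):
    """Join error_log lines containing `needle` to access_log entries from the
    same client, with the given status (None = any), within `window_s` seconds.
    Returns a list of (error_time, ip, request_line, user_agent)."""
    access = []
    for line in access_lines:
        m = ACC_RE.match(line)
        if m and (status is None or int(m['status']) == status):
            access.append((m['ip'], datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S'),
                           m['req'], m['ua']))
    hits = []
    for line in error_lines:
        m = ERR_RE.match(line)
        if not m or needle not in m['msg']:
            continue
        ets = datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y')
        for ip, ats, req, ua in access:
            if ip == m['ip'] and abs((ats - ets).total_seconds()) <= window_s:
                hits.append((ets, ip, req, ua))
    return hits

if __name__ == '__main__':
    for ets, ip, req, ua in correlate(ERROR_LOG, ACCESS_LOG):
        print(ets, ip, req, ua)
```

Passing `status=None` shows every same-second request from that client, which is the view to use when the 500 is not the only response in the burst.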

Error on Zabbix: /server-status 404: Not Found.

I've been dealing with this whole day and still can't figure it out.
I've setup Zabbix on one machine, and I want to monitor the Apache server on another machine.
I've completed all the steps described in the docs: http://www.zabbix.com/wiki/templates/apache
and still I get no data in the Apache Template. When checking the logs on the Apache server, I can see in access.log:
IPADDR - - [16/Jul/2012:13:29:08 +0000] "GET /server-status?auto HTTP/1.0" 404 13826 "-" "Python-urllib/1.17"
I think it might have something to do with virtual servers and additional sites I have on that machine, but I can't figure it out, and nothing is mentioned in the docs...
The Apache checks are not as clever as you may think.
Can Zabbix communicate with your apache server? Link it to a template with something simple like "uptime" and verify that it indeed gets data.
Next, verify that there aren't any firewall rules preventing the Zabbix server from communicating with your web server. Can you curl your homepage from the Zabbix host without problems?
Are the apache checks active checks? If so you'll need to make sure active checks are enabled in the /etc/zabbix/zabbix-agentd.conf file and that the "Hostname" within the conf is unique and matching up correctly with what you have in the zabbix server.
If that fails, change the DebugLevel to 4 in /etc/zabbix-agentd.conf and tail the zabbix log. Look and see if it is having trouble with any checks.
This is an Apache configuration problem; Zabbix can't do anything if /server-status yields a 404 error.
Maybe the <Location /server-status>...</Location> directive is not at the right place in apache's configuration.
Try to move it inside the <VirtualHost> section of the specific virtual server to which the GET /server-status is routed.
Also make sure that mod_status is enabled.

stop apache injecting its own 404 not found page into the custom 404 error page

I'm having a problem implementing custom 404 error pages. My setup is a front-end Apache 2.2.6 proxying requests other than static files to the backend app server (Apache 1.3.36).
I send a 404 header back along with the error page when a user requests a non-existing page on the backend server. I do get the error page back, but somehow the backend Apache server injects its own 404 Not Found page into the error page as well.
Here is what is injected into the not found page by Apache:
Not Found
The requested URL /product/8jd4776 was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.36 Server at www.example.com Port 8888
Any idea why this is happening?
Setting "ProxyErrorOverride On" with ErrorDocument in the front-end Apache server solved the problem.
The content length of your custom 404 message must be 512 bytes or more.