[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#244174: apache: bogus requests create oversized log entries with wrong error code

Package: apache
Severity: normal

I receive many requests looking like "SEARCH /\x90\x02\...." etc. often with
dozens of kB in length. these result in log lines containing apparently the
WHOLE request, followed by 314 (URI too long) and a number of bytes sent in
reply BUT:
1) AFAIK there exists no "SEARCH" request in HTTP1.1, (a grep for "SEARCH"
in the specification text gives no exploitable results)
2) the log entries result in lots of mails sent to me (exactly 48 a day, once
each time the analyzer is running) by my webalizer (analysis of access.log file
in order to produce web statistics) program (these log entries are treated as
errors, which is probably right, and only suppressing ALL error messages would
prevent their apparition)

so, I think the error code should be 405 (method not allowed) or eventually
400 (Bad request), or another 4xx code, and the log lines should stop there
without repeating the whole bogus request.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 2.4.18-bf2.4
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro

Versions of packages apache depends on:
ii  apache-common      Support files for all Apache webse
ii  debconf                     1.3.22       Debian configuration management sy
ii  dpkg                        1.10.18      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libdb4.2                    4.2.52-3     Berkeley v4.2 Database Libraries [
ii  libexpat1                   1.95.6-6     XML parsing C library - runtime li
ii  libmagic1                   4.06-2       File type determination library us
ii  libpam0g                    0.76-14.1    Pluggable Authentication Modules l
ii  logrotate                   3.6.5-2      Log rotation utility
ii  mime-support                3.23-1       MIME files 'mime.types' & 'mailcap
ii  perl                        5.8.3-3      Larry Wall's Practical Extraction 

-- debconf information:
* apache/enable-suexec: false
* apache/server-name: tmtm.homelinux.org
* apache/document-root: /var/www
* apache/server-port: 80
* apache/init: true
* apache/server-admin: norbert@tmtm.homelinux.org

Reply to: