--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: "ErrorDocument 400" not working
- From: Povl Ole Haarlev Olsen <debian@stderr.dk>
- Date: Fri, 12 May 2006 12:16:19 +0200 (CEST)
- Message-id: <Pine.LNX.4.44.0605120527080.11845-100000@noget.stderr.dk.localdomain>
Package: apache
Version: 1.3.26-0woody7
According to my error.log, I have received a couple of requests like this
[Mon May 8 18:06:47 2006] [error] [client 125.247.36.125] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
for quite some time. The request (of course) results in a "400 Bad
Request"-response due to the missing "Host:"-header.
These requests was starting to annoy me, so I was planning to make a small
perl-script, that could insert an iptables DROP on the IP-address
requesting "/w00tw00t.at.ISC.SANS.DFind:)". I would then use
ErrorDocument 400 /cgi-bin/400.cgi
in my httpd.conf to forward the 400-errors to my script.
But it seems that ErrorDocument doesn't always work. The most simple case,
I could come up with, is a static text-file as the 400-error-page:
[- The config -]
www:~# grep 'ErrorDocument 400' /etc/apache/httpd.conf
ErrorDocument 400 /400.txt
[- The config -]
[- The 400-page -]
www:~# cat /var/www/400.txt
400 - Bad Request
[- The 400-page -]
[- The test -]
www:~# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Fri, 12 May 2006 09:23:43 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
185
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23):
/w00tw00t.at.ISC.SANS.DFind:)<P>
<HR>
<ADDRESS>Apache/1.3.26 Server at stderr.dk Port 80</ADDRESS>
</BODY></HTML>
0
Connection closed by foreign host.
[- The test -]
As you can see, /var/www/400.txt isn't used for the response.
If I change the config to
[- The new config -]
www:~# grep 'ErrorDocument 400' /etc/apache/httpd.conf
ErrorDocument 400 "400 - Bad Request
[- The new config -]
the "400 - Bad Request"-text is used, which seems to indicate that
"ErrorDocument 400 ..." only works for plain text directly in the config,
but not for local (or external) redirects.
Am I missing something here or is it supposed to work (or rather not work)
like that?
--
Povl Ole Haarlev Olsen
--- End Message ---