[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#677086: apache2-mpm-prefork: apache2 sends "400 bad request" on POST from some firefox browsers

Package: apache2-mpm-prefork
Version: 2.2.16-6+squeeze7
Severity: important
Tags: squeeze

Some of our users are not able to upload a file via POST Request by using their
firefox browser. They get error 400 Bad Request.

apache error.log: "request failed: error reading the headers"

The problem is reproducible (on the affected systems) and the filesize ist
important. Small files (~100 KB) work and larger files (~2 MB) do not.

Affected Browsers/Operating Systems (client side):
- it seems that only a few (~1%) of our firefox users run into that problem by
uploading a file. Normal GET requests are not affected.
- all versions of firefox are affected.
- different operating systems are affected: WinXP, Vista, 7, Mac
- no common plugins found on the affected browsers, but running firefox in
"safe-mode" solves the problem (= then the upload is possible).
- different antivirus and security suites used by the users.

Affected Webservers/Operating Systems (server side):
- only apache <= 2.2.16 (squeeze) seems to be affected. (Apache 2.2.9, Debian;
Apache 2.2.10, SUSE)
- the affected clients also have this problem when uploading a file to other
companies webservers (if they are <= apache 2.2.16)
- apache 2.2.22 (wheezy) seems to work correctly.
- nginx, IIS also worked correctly

I installed a server for TESTING and run tshark to capture the packets.
- http://uploadtest.puzzleandplay.de/goodrequest.png (upload a small file, it
works)
- http://uploadtest.puzzleandplay.de/badrequest.png (upload a large file, it
did NOT work)

Related (known) Problems did not help to solve the problem:
- http://stackoverflow.com/questions/9921052/400-bad-request-when-uploading-a
-file-from-firefox-11-mac-osx

Well, I am not sure if firefox or apache is responsible for that problem. BUT
many different users are affected and in apache 2.2.22 the problem seems to be
solved. I hope that a solution can be found for 2.2.16 (squeeze). I do not want
to upgrade to wheezy on a production system ;-)

Thanks,
Thomas


Details of apache 2.2.22:
====================
ii  apache2-mpm-prefork             2.2.22-5                     Apache HTTP
Server - traditional non-threaded model

Details of apache 2.2.16:
====================
ii  apache2-mpm-prefork                 2.2.16-6+squeeze7            Apache
HTTP Server - traditional non-threaded model



-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_svn authz_user autoindex cgi dav_fs dav dav_svn
  deflate dir env expires log_forensic mime negotiation php5
  reqtimeout rewrite setenvif ssl status unique_id vhost_alias
List of enabled php5 extensions:
  curl gd http imagick mcrypt memcache mysql mysqli pdo pdo_mysql
  ssh2 suhosin uploadprogress

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (300, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2-mpm-prefork depends on:
ii  apache2.2-bin          2.2.16-6+squeeze7 Apache HTTP Server common binary f
ii  apache2.2-common       2.2.16-6+squeeze7 Apache HTTP Server common files

apache2-mpm-prefork recommends no packages.

apache2-mpm-prefork suggests no packages.
Reply to: