[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#851357: Regression: No longer supports ServerName containing underscore

It doesn't help that the apache docs on the ServerName directive seem to use domainname and hostname interchangeably (While the restrictions you mentioned only apply to hostnames)

> Description:	Hostname and port that the server uses to identify itself
> Syntax:	ServerName [scheme://]domain-name|ip-address[:port]

Does this mean it's now impossible to create virtual hosts in apache for domain names with underscores?

Unless they've silently added a DomainName directive somewhere this change breaks virtual hosts with internationalized domain names too since as you mentioned hostnames have to be /[a-z0-9]([a-z0-9-]*[a-z0-9])?/i

Since ServerName has historically acted as it takes a domainname I imagine it would be smarter for upstream to change the docs to use the word Domainname rather than change the functionality to break a few million domains.

On 01/14/2017 11:53 AM, Ondřej Surý wrote:
Hi Jonathan,

while I agree that such changes should not happen within one Debian
release and the maintainer might want to relax the rules for the
package, the ServerName accepts a hostname as a parameter and a valid
hostname cannot contain underscore. So the Apache is behaving correctly
here not accepting invalid hostname.

Cheers, Ondřej

On 14 January 2017 11:42:11 Jonathan Vollebregt <jnvsor@gmail.com> wrote:

Package: apache2
Version: 2.4.25-1
Severity: important

Dear Maintainer,

somewhere between 2.4.23-8 and 2.4.25-1 there was a regression that
apache to ignore ServerName directives containing underscores.

I have since tested and confirmed that removing the underscore fixes the
problem as does installing version 2.4.10-10+deb8u7

There is nothing in the error log indicating a problem (Not
surprising since it's not recognising the virtualhost at all)

The site conf file:

    $ cat /etc/apache2/sites-available/kint_test.conf
    <VirtualHost *:80>
        ServerName kint_test.local
        ServerAdmin webmaster@localhost
        DocumentRoot /home/j/localhost/kint_test
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

The folder in question: (chmod -R 777, and other sites under
/home/j/localhost work fine so it's not a file permission issue)

    $ ls -l /home/j/localhost/kint_test
    total 8
    -rwxrwxrwx 1 j j 0 Jan 14 11:18 index.html

Relevant part of apache2.conf:

    <Directory /home/j/localhost>
        Options Indexes FollowSymLinks
        AllowOverride All

        Require ip 192.168
        Require local

Relevant part of hosts file:

    $ grep kint_test /etc/hosts    kint_test.local

Server response:

    $ curl kint_test.local
    <title>400 Bad Request</title>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not
understand.<br />
    <p>Additionally, a 400 Bad Request
    error was encountered while trying to use an ErrorDocument to
handle the request.</p>
    <address>Apache/2.4.25 (Debian) Server at Port 80</address>

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'testing'), (700,
'experimental'),   (600, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin          2.4.25-1
ii  apache2-data         2.4.25-1
ii  apache2-utils        2.4.25-1
ii  dpkg                 1.18.18
ii  init-system-helpers  1.46
ii  lsb-base             9.20161125
ii  mime-support         3.60
ii  perl                 5.24.1~rc4-1
pn  perl:any             <none>
ii  procps               2:3.3.12-3

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.38

Versions of packages apache2 suggests:
ii  apache2-doc                                      2.4.25-1
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  chromium [www-browser]                           55.0.2883.75-2
ii  firefox-esr [www-browser]                        45.6.0esr-1
ii  lynx [www-browser]                               2.8.9dev11-1
ii  w3m [www-browser]                                0.5.3-34

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.2-5
ii  libaprutil1              1.5.4-3
ii  libaprutil1-dbd-sqlite3  1.5.4-3
ii  libaprutil1-ldap         1.5.4-3
ii  libc6                    2.24-8
ii  libldap-2.4-2            2.4.44+dfsg-3
ii  liblua5.2-0              5.2.4-1.1+b1
ii  libnghttp2-14            1.18.1-1
ii  libpcre3                 2:8.39-2
ii  libssl1.0.2              1.0.2j-5
ii  libxml2                  2.9.4+dfsg1-2.1
pn  perl:any                 <none>
ii  zlib1g                   1:1.2.8.dfsg-4

Versions of packages apache2-bin suggests:
ii  apache2-doc                                      2.4.25-1
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  chromium [www-browser]                           55.0.2883.75-2
ii  firefox-esr [www-browser]                        45.6.0esr-1
ii  lynx [www-browser]                               2.8.9dev11-1
ii  w3m [www-browser]                                0.5.3-34

Versions of packages apache2 is related to:
ii  apache2      2.4.25-1
ii  apache2-bin  2.4.25-1

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]

-- no debconf information

Reply to: