[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache failed

It 's not the error messages when logrotate reload apache config. I have this problem after a request.

I have two webserver with the same config. And I can see that the two servers receive this request and one of them died after.

I see on the mails in this discussion ( http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html ) that apache gives this error message (client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /) when it receives request from the worm.

When I check the log from this fatal request on the other server, I have this: [Fri Nov 29 15:06:39 2002] [error] [client xxx.xx.x.x] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /[Fri Nov 29 15:06:51 2002] [error] mod_ssl: SSL handshake failed (server xxxxxxx::443, client xxx.xx.x.x (OpenSSL library error follows) [Fri Nov 29 15:06:52 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long

I have this error message +/- 5 times by day. And sometimes, apache died.



Emmanuel Lacour wrote:

On Mon, Dec 02, 2002 at 12:26:12PM +0100, Mathieu Laurent wrote:

My webserver with apache (+ mod_ssl) failed when I receive a worms attack.

I see this message in the error log: [error] [client xxx.xxx.xxx.xxx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /

The father process of apache was killed.

I have the last security packages installed on the webserver for apache & mod_ssl.

I see the same problem on the mailing list http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html but I didn't see no clue for this case.

I got a pbm like this (but not really...) on three debian boxes (woody) with apache-ssl.

it seems to appear after a bad reload during logrotate.

it appears:

one time in january on a deb box
one time in july and one other on september on another deb box
one time in october on another deb box

thoses are the only ones and I have a lot of apache-ssl/woody servers
working (maybe 50)

each time I've got the folowing entries in apache logs at logrotate time:

accept_mutex_on: Identifier removed
[alert] Child 4968 returned a Fatal error...
Apache is exiting!

then some hours later (~ 5) apache crashes!!!

My only fix at this time is done by changing reload in logrotate by a
clean stop, sleep, start ... not a good fix, but it's enough and working
for me.

Unfortunatly, I can't debug more as I can't reproduce this and it
doesn't appear very often...

Reply to: