Re: apache failed

To: debian-security@lists.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: apache failed
From: Mathieu Laurent <mathieu.laurent@qwentes.be>
Date: Mon, 02 Dec 2002 14:59:32 +0100
Message-id: <3DEB6744.3010101@qwentes.be>
Reply-to: mathieu.laurent@qwentes.be
In-reply-to: <20021202132122.GF1972@easter-eggs.com>
References: <3DEB4354.9090303@qwentes.be> <20021202132122.GF1972@easter-eggs.com>

It 's not the error messages when logrotate reload apache config. I havethis problem after a request.

I have two webserver with the same config. And I can see that the twoservers receive this request and one of them died after.

I see on the mails in this discussion (http://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.html) that apache gives this error message (client sent HTTP/1.1 requestwithout hostname (see RFC2616 section 14.23): /) when it receivesrequest from the worm.

When I check the log from this fatal request on the other server, I havethis:[Fri Nov 29 15:06:39 2002] [error] [client xxx.xx.x.x] client sentHTTP/1.1 request without hostname (see RFC2616 section 14.23): /[Fri Nov29 15:06:51 2002] [error] mod_ssl: SSL handshake failed (serverxxxxxxx::443, client xxx.xx.x.x (OpenSSL library error follows)[Fri Nov 29 15:06:52 2002] [error] OpenSSL: error:1406B458:SSLroutines:GET_CLIENT_MASTER_KEY:key arg too long


I have this error message +/- 5 times by day. And sometimes, apache died.

Thanks

Mathieu



Emmanuel Lacour wrote:

On Mon, Dec 02, 2002 at 12:26:12PM +0100, Mathieu Laurent wrote:

Hi,

My webserver with apache (+ mod_ssl) failed when I receive a worms attack.
I see this message in the error log: [error] [client xxx.xxx.xxx.xxx]client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
The father process of apache was killed.
I have the last security packages installed on the webserver for apache& mod_ssl.
I see the same problem on the mailing listhttp://lists.debian.org/debian-security/2002/debian-security-200209/msg00303.htmlbut I didn't see no clue for this case.


I got a pbm like this (but not really...) on three debian boxes (woody) with apache-ssl.

it seems to appear after a bad reload during logrotate.

it appears:

one time in january on a deb box
one time in july and one other on september on another deb box
one time in october on another deb box

thoses are the only ones and I have a lot of apache-ssl/woody servers
working (maybe 50)

each time I've got the folowing entries in apache logs at logrotate time:

accept_mutex_on: Identifier removed
[alert] Child 4968 returned a Fatal error...
Apache is exiting!


then some hours later (~ 5) apache crashes!!!


My only fix at this time is done by changing reload in logrotate by a
clean stop, sleep, start ... not a good fix, but it's enough and working
for me.


Unfortunatly, I can't debug more as I can't reproduce this and it
doesn't appear very often...

Reply to:

Follow-Ups:
- Re: apache failed
  - From: Emmanuel Lacour <elacour@easter-eggs.com>

References:
- apache failed
  - From: Mathieu Laurent <mathieu.laurent@qwentes.be>
- Re: apache failed
  - From: Emmanuel Lacour <elacour@easter-eggs.com>

Prev by Date: Re: apache failed
Next by Date: Re: apache failed
Previous by thread: Re: apache failed
Next by thread: Re: apache failed
Index(es):
- Date
- Thread