LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-16-2003, 11:27 AM   #1
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
SSL + Apache2 = Invalid Method in Request


Hello all. I'm trying to get Apache2 and SSL up and running. I've got apache installed and listening properly on ports 80 and 443. HTTP requests respond properly. HTTPS requests gir the following error in logs/error_log:

Code:
[error] [client x.x.x.x] Invalid method in Request  L^A^C
After some Googling, I know that this is related to my browser speaking SSL, but Apache listening for HTTP. I know that mod_ssl.c is installed properly:
Code:
[root@xsusa logs]# /pub-http/bin/httpd -l | grep ssl
  mod_ssl.c
I'm betting its a problem with one of my conf files, but I've been starting at them too long and its all running together. I need a second set of eyes to examine the conf files below (comments snipped out) and point out my error. TIA.

httpd.conf:
Code:
ServerRoot "/pub-http"

<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
#LockFile logs/accept.lock
</IfModule>
</IfModule>

<IfModule !mpm_netware.c>
<IfModule !perchild.c>
#ScoreBoardFile logs/apache_runtime_status
</IfModule>
</IfModule>


<IfModule !mpm_netware.c>
PidFile logs/httpd.pid
</IfModule>


Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

<IfModule prefork.c>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
</IfModule>

<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

<IfModule perchild.c>
NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
</IfModule>

<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>

<IfModule beos.c>
StartThreads               10
MaxClients                 50
MaxRequestsPerThread       10000
</IfModule>    

<IfModule mpm_netware.c>
ThreadStackSize      65536
StartThreads           250
MinSpareThreads         25
MaxSpareThreads        250
MaxThreads            1000
MaxRequestsPerChild      0
</IfModule>

<IfModule mpmt_os2.c>
StartServers           2
MinSpareThreads        5
MaxSpareThreads       10
MaxRequestsPerChild    0
</IfModule>


Listen 80
Listen 443

LoadModule php4_module modules/libphp4.so

<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
User nobody
Group #-1
</IfModule>
</IfModule>

ServerAdmin my@email.com
ServerName my.server.com
UseCanonicalName Off
DocumentRoot "/pub-http/htdocs"

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/pub-http/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

UserDir public_html

DirectoryIndex index.html index.html.var

AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

TypesConfig conf/mime.types
DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>

HostnameLookups Off

ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common

ServerTokens Full
ServerSignature Off

Alias /icons/ "/pub-http/icons/"
<Directory "/pub-http/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Alias /manual "/pub-http/manual"
<Directory "/pub-http/manual">
    Options Indexes FollowSymLinks MultiViews IncludesNoExec
    AddOutputFilter Includes html
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

ScriptAlias /cgi-bin/ "/pub-http/cgi-bin/"
<IfModule mod_cgid.c>
#
# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
# for setting UNIX socket for communicating with cgid.
#
#Scriptsock            logs/cgisock
</IfModule>
<Directory "/pub-http/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

IndexOptions FancyIndexing VersionSort
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage he .he
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage ko .ko
AddLanguage pt .pt
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .sv
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw
AddLanguage hr .hr

LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw

ForceLanguagePriority Prefer Fallback

AddDefaultCharset ISO-8859-1
AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3  .latin3
AddCharset ISO-8859-4  .iso8859-4  .latin4
AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8

AddCharset GB2312      .gb2312 .gb 
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5        .big5 .b5
AddCharset EUC-TW      .euc-tw
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis

AddType application/x-tar .tgz
AddType image/x-icon .ico
AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml

AddHandler type-map var

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
ssl.conf:
Code:
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost *:443>
  DocumentRoot "/pub-http/ssldocs" 
  ServerName my.server.com:443
  ServerAdmin my@email.com
  ErrorLog logs/error_log
  TransferLog logs/access_log
  SSLEngine on

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile /usr/local/ssl/install/openssl/certs/my.server.com.cert
  SSLCertificateKeyFile /usr/local/ssl/install/openssl/key/my.server.com.key
  
  <Files ~ "\.(html|cgi|shtml|phtml|php|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/pub-http/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  

<VirtualHost *:80>
  SSLEngine off
  ServerName my.server.com
  ServerAdmin my.email.com
  DocumentRoot "/pub-http/htdocs"
  ErrorLog "logs/error_log"
  TransferLog "logs/access_log"
</VirtualHost>
</IfDefine>

Last edited by TruckStuff; 04-16-2003 at 11:29 AM.
 
Old 04-16-2003, 08:05 PM   #2
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Original Poster
Rep: Reputation: 30
ttt for the evening crowd.
 
Old 07-23-2003, 07:28 PM   #3
gabriele_101
Member
 
Registered: Oct 2001
Location: CAMBRIDGE, MA USA
Distribution: RH9 Kernel 2.4.20-18.9
Posts: 69

Rep: Reputation: 15
Any news on this front? I'm having the same annoying thing happen.
 
Old 08-16-2003, 03:18 PM   #4
spiderMonkey
LQ Newbie
 
Registered: Aug 2003
Posts: 1

Rep: Reputation: 0
Any news on this front? I'm having the same annoying thing happen.

probably too late to help you guys, but i'll post here for reference purposes (i had the same problem and googled my way here)

first off, make sure your sslengine is enabled in /etc/httpd/conf.d/ssl.conf

second, your virtual host name should match exactly with the virtual host in /etc/httpd/conf/httpd.conf'

finally, in ssl.conf, the virtual host name should only listen to port 443, otherwise https will work great but http will not.

hope this helps!
 
Old 08-16-2003, 03:48 PM   #5
gabriele_101
Member
 
Registered: Oct 2001
Location: CAMBRIDGE, MA USA
Distribution: RH9 Kernel 2.4.20-18.9
Posts: 69

Rep: Reputation: 15
An additional note:

I have two virtual host declarations for both ports 80 and 443, but had to add two NameVirtualHost entries to get it to work:
Code:
NameVirtualHost 192.132.12.8:80
NameVirtualHost 192.132.12.8:443
Then
Code:
<VirtualHost 192.132.12.8:80>
  ServerName ping-pong.foo-bar.com
  [... other stuff ...]
</VirtualHost>
<VirtualHost 192.132.12.8:443>
  ServerName ping-pong.foo-bar.com
  [... other stuff ...]
</VirtualHost>
This is one of the many alterations to httpd.conf that I did, but it's the last thng that removed the last of the problems I was having. Just thought that I would share it.

Additioinally, for those that are curious, you can only have SSL certificate per IP address, so although your virtual hosts can share that same cert, they will all get the same, identical cert. Hence, if your cert is for "*.foo-bar.com", and all your hosts are subdomains of "foo-bar.com" (note, "foo-bar.com" seems to work with many browsers too!) then you should not have significant issues as most browsers now (even IE, believe it or not) recognize wildcard certs, but if you want www.foo-bar.com AND www.ping-pong.com to work, you'll need to bind each to a different IP address. Oh well.
 
Old 08-29-2004, 04:29 AM   #6
pimp1911
LQ Newbie
 
Registered: Aug 2004
Distribution: Centos 5.x
Posts: 10

Rep: Reputation: 0
I had the same problem. And I changed my httpd.conf according to what gabriele_101 posted and it works.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache2 - ssl : connection via ssl interrupted ldp Linux - Software 0 10-02-2005 10:07 AM
Apache2 and SSL problems Malibyte Linux - Software 1 07-09-2005 05:14 PM
Somebody kill my Apache with "Invalid method in request", please help... hurieka Linux - Security 4 06-15-2005 12:29 AM
Squirrel Mail Error- Could not complete request. Invalid mask vdi_nenna Linux - Software 0 09-04-2004 12:25 PM
[Apache-SSL]: Invalid method in request !g!! Gahan Linux - Software 0 07-22-2003 05:39 PM


All times are GMT -5. The time now is 09:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration