Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
11-19-2007, 12:13 AM
#1
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Rep:
Apache not understanding service requests on FC8
Hello friends
I have just installed FC8.
httpd has started successfuly. I have copied all my php scripts into the /var/www/html (server's document root).But when I try to access the home page, the browser displays
Code:
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.2.0 (Fedora) Server at 10.68.184.137 Port 80
I have checked everything that could come to my mind.
Can anyone tell how to solve this problem.
Thanks in advance.
Prabhat Soni
11-19-2007, 02:18 AM
#2
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
what is the request you are sending? use a tool like wireshark on your client to capture the http request, or try a developer tool for firefox to get the same effect.
11-19-2007, 06:37 AM
#3
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
Sir,
I have run wireshark, and found the following:
Code:
No. Time Source Destination Protocol Info
4 0.000030 127.0.0.1 127.0.0.1 HTTP GET / HTTP/1.1
Frame 4 (480 bytes on wire, 480 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: 52692 (52692), Dst Port: http (80), Seq: 1, Ack: 1, Len: 414
Source port: 52692 (52692)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
[Next sequence number: 415 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
Window size: 32800 (scaled)
Checksum: 0xffc6 [incorrect, should be 0x082a (maybe caused by "TCP checksum offload"?)]
Options: (12 bytes)
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 0.000037 127.0.0.1 127.0.0.1 TCP http > 52692 [ACK] Seq=1 Ack=415 Win=33856 Len=0 TSV=3584218 TSER=3584218
Frame 5 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: http (80), Dst Port: 52692 (52692), Seq: 1, Ack: 415, Len: 0
Source port: http (80)
Destination port: 52692 (52692)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 415 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
Window size: 33856 (scaled)
Checksum: 0x7975 [correct]
Options: (12 bytes)
[SEQ/ACK analysis]
No. Time Source Destination Protocol Info
6 0.636904 127.0.0.1 127.0.0.1 HTTP HTTP/1.1 400 Bad Request (text/html)
Frame 6 (583 bytes on wire, 583 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: http (80), Dst Port: 52692 (52692), Seq: 1, Ack: 415, Len: 517
Source port: http (80)
Destination port: 52692 (52692)
Sequence number: 1 (relative sequence number)
[Next sequence number: 518 (relative sequence number)]
Acknowledgement number: 415 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
Window size: 33856 (scaled)
Checksum: 0x002e [incorrect, should be 0xb255 (maybe caused by "TCP checksum offload"?)]
Options: (12 bytes)
Hypertext Transfer Protocol
Line-based text data: text/html
I gather there are two things:
1. Incorrect Checksum
2. Bad Request (text/html)
What is more this incorrect checksum and the bad request instances are regular feature of the ouput.
I don't know what to make of it ?
Perhaps you can help me.
Thanks.
Prabhat Soni
Last edited by prabhatsoni; 11-19-2007 at 06:52 AM .
11-19-2007, 06:51 AM
#4
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
unusual to have got that far, but what you want to be looking at here is the contents of the html section. I take it you exported the wireshark packets to a text file and then pasted in? in wireshark expand the bottom section and you'll see the raw http requests right there.
the checksum "error" is nothign to worry about btw.
11-19-2007, 11:32 PM
#5
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
OK sir
The bottom frame of the wireshark output window is as below:
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 3c 74 e1 40 00 40 06 c7 d8 7f 00 00 01 7f 00 .<t.@.@. ........
0020 00 01 b6 4a 00 50 8d 1f f1 36 00 00 00 00 a0 02 ...J.P.. .6......
0030 80 18 d4 a5 00 00 02 04 40 0c 04 02 08 0a 00 21 ........ @......!
0040 85 d7 00 00 00 00 01 03 03 05 ........ ..
Can you make something about it ?
PS: I think this is incomplete. Let me try to grab the complete output.
Prabhat Soni
Last edited by prabhatsoni; 11-19-2007 at 11:35 PM .
11-19-2007, 11:47 PM
#6
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
OK I will post raw data for five or six frames:
Frame 1 - summary
Code:
1 0.000000 127.0.0.1 127.0.0.1 TCP 46666 > http [SYN] Seq=0 Len=0 MSS=16396 TSV=2196951 TSER=0 WS=5
Frame 1: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 3c 74 e1 40 00 40 06 c7 d8 7f 00 00 01 7f 00 .<t.@.@. ........
0020 00 01 b6 4a 00 50 8d 1f f1 36 00 00 00 00 a0 02 ...J.P.. .6......
0030 80 18 d4 a5 00 00 02 04 40 0c 04 02 08 0a 00 21 ........ @......!
0040 85 d7 00 00 00 00 01 03 03 05 ........ ..
Frame 2: summary
Code:
2 0.000012 127.0.0.1 127.0.0.1 TCP http > 46666 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 TSV=2196951 TSER=2196951 WS=5
Frame 2: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 3c 00 00 40 00 40 06 3c ba 7f 00 00 01 7f 00 .<..@.@. <.......
0020 00 01 00 50 b6 4a 8c af 35 6a 8d 1f f1 37 a0 12 ...P.J.. 5j...7..
0030 80 00 8c 9a 00 00 02 04 40 0c 04 02 08 0a 00 21 ........ @......!
0040 85 d7 00 21 85 d7 01 03 03 05 ...!.... ..
Frame 3: summary
Code:
3 0.000020 127.0.0.1 127.0.0.1 TCP 46666 > http [ACK] Seq=1 Ack=1 Win=32800 Len=0 TSV=2196951 TSER=2196951
Frame 3: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 34 74 e2 40 00 40 06 c7 df 7f 00 00 01 7f 00 .4t.@.@. ........
0020 00 01 b6 4a 00 50 8d 1f f1 37 8c af 35 6b 80 10 ...J.P.. .7..5k..
0030 04 01 71 bc 00 00 01 01 08 0a 00 21 85 d7 00 21 ..q..... ...!...!
0040 85 d7 ..
Frame 4: summary
Code:
4 0.000029 127.0.0.1 127.0.0.1 HTTP GET / HTTP/1.1
Frame 4: Summary
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 01 d2 74 e3 40 00 40 06 c6 40 7f 00 00 01 7f 00 ..t.@.@. .@......
0020 00 01 b6 4a 00 50 8d 1f f1 37 8c af 35 6b 80 18 ...J.P.. .7..5k..
0030 04 01 ff c6 00 00 01 01 08 0a 00 21 85 d7 00 21 ........ ...!...!
0040 85 d7 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 ..GET / HTTP/1.1
0050 0d 0a 48 6f 73 74 3a 20 31 32 37 2e 30 2e 30 2e ..Host: 127.0.0.
0060 31 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 1..User- Agent: M
0070 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 58 31 31 3b ozilla/5 .0 (X11;
0080 20 55 3b 20 4c 69 6e 75 78 20 69 36 38 36 3b 20 U; Linu x i686;
0090 65 6e 2d 55 53 3b 20 72 76 3a 31 2e 38 2e 31 2e en-US; r v:1.8.1.
00a0 39 29 20 47 65 63 6b 6f 2f 32 30 30 37 31 31 30 9) Gecko /2007110
00b0 35 20 46 65 64 6f 72 61 2f 32 2e 30 2e 30 2e 39 5 Fedora /2.0.0.9
00c0 2d 31 2e 66 63 38 20 46 69 72 65 66 6f 78 2f 32 -1.fc8 F irefox/2
00d0 2e 30 2e 30 2e 39 0d 0a 41 63 63 65 70 74 3a 20 .0.0.9.. Accept:
00e0 74 65 78 74 2f 78 6d 6c 2c 61 70 70 6c 69 63 61 text/xml ,applica
00f0 74 69 6f 6e 2f 78 6d 6c 2c 61 70 70 6c 69 63 61 tion/xml ,applica
0100 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 74 tion/xht ml+xml,t
0110 65 78 74 2f 68 74 6d 6c 3b 71 3d 30 2e 39 2c 74 ext/html ;q=0.9,t
0120 65 78 74 2f 70 6c 61 69 6e 3b 71 3d 30 2e 38 2c ext/plai n;q=0.8,
0130 69 6d 61 67 65 2f 70 6e 67 2c 2a 2f 2a 3b 71 3d image/pn g,*/*;q=
0140 30 2e 35 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 0.5..Acc ept-Lang
0150 75 61 67 65 3a 20 65 6e 2d 75 73 2c 65 6e 3b 71 uage: en -us,en;q
0160 3d 30 2e 35 0d 0a 41 63 63 65 70 74 2d 45 6e 63 =0.5..Ac cept-Enc
0170 6f 64 69 6e 67 3a 20 67 7a 69 70 2c 64 65 66 6c oding: g zip,defl
0180 61 74 65 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 ate..Acc ept-Char
0190 73 65 74 3a 20 49 53 4f 2d 38 38 35 39 2d 31 2c set: ISO -8859-1,
01a0 75 74 66 2d 38 3b 71 3d 30 2e 37 2c 2a 3b 71 3d utf-8;q= 0.7,*;q=
01b0 30 2e 37 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 0.7..Kee p-Alive:
01c0 20 33 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 300..Co nnection
01d0 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a : keep-a live....
Frame 5: summary
Code:
5 0.000037 127.0.0.1 127.0.0.1 TCP http > 46666 [ACK] Seq=1 Ack=415 Win=33856 Len=0 TSV=2196951 TSER=2196951
Frame 5: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 34 b0 bc 40 00 40 06 8c 05 7f 00 00 01 7f 00 .4..@.@. ........
0020 00 01 00 50 b6 4a 8c af 35 6b 8d 1f f2 d5 80 10 ...P.J.. 5k......
0030 04 22 6f fd 00 00 01 01 08 0a 00 21 85 d7 00 21 ."o..... ...!...!
0040 85 d7 ..
Frame 6: summary
Code:
6 0.001973 127.0.0.1 127.0.0.1 HTTP HTTP/1.1 400 Bad Request (text/html)
Frame 6: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 02 39 b0 bd 40 00 40 06 89 ff 7f 00 00 01 7f 00 .9..@.@. ........
0020 00 01 00 50 b6 4a 8c af 35 6b 8d 1f f2 d5 80 18 ...P.J.. 5k......
0030 04 22 00 2e 00 00 01 01 08 0a 00 21 85 d9 00 21 ."...... ...!...!
0040 85 d7 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 ..HTTP/1 .1 400 B
0050 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 ad Reque st..Date
0060 3a 20 54 75 65 2c 20 32 30 20 4e 6f 76 20 32 30 : Tue, 2 0 Nov 20
0070 30 37 20 30 35 3a 33 33 3a 31 33 20 47 4d 54 0d 07 05:33 :13 GMT.
0080 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f .Server: Apache/
0090 32 2e 32 2e 30 20 28 46 65 64 6f 72 61 29 0d 0a 2.2.0 (F edora)..
00a0 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 Content- Length:
00b0 33 33 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 336..Con nection:
00c0 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d close.. Content-
00d0 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b Type: te xt/html;
00e0 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 charset =iso-885
00f0 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 9-1....< !DOCTYPE
0100 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f HTML PU BLIC "-/
0110 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 /IETF//D TD HTML
0120 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 2.0//EN" >.<html>
0130 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 <head>.< title>40
0140 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 0 Bad Re quest</t
0150 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f itle>.</ head><bo
0160 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 dy>.<h1> Bad Requ
0170 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 est</h1> .<p>Your
0180 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 browser sent a
0190 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 request that thi
01a0 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e s server could n
01b0 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 ot under stand.<b
01c0 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c r />.</p >.<hr>.<
01d0 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 address> Apache/2
01e0 2e 32 2e 30 20 28 46 65 64 6f 72 61 29 20 53 65 .2.0 (Fe dora) Se
01f0 72 76 65 72 20 61 74 20 3c 61 20 68 72 65 66 3d rver at <a href=
0200 22 6d 61 69 6c 74 6f 3a 72 6f 6f 74 40 6c 6f 63 "mailto: root@loc
0210 61 6c 68 6f 73 74 22 3e 31 32 37 2e 30 2e 30 2e alhost"> 127.0.0.
0220 31 3c 2f 61 3e 20 50 6f 72 74 20 38 30 3c 2f 61 1</a> Po rt 80</a
0230 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c ddress>. </body><
0240 2f 68 74 6d 6c 3e 0a /html>.
Frame 7: summary
Code:
7 0.002027 127.0.0.1 127.0.0.1 TCP 46666 > http [ACK] Seq=415 Ack=518 Win=33888 Len=0 TSV=2196953 TSER=2196953
Frame 7: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 34 74 e4 40 00 40 06 c7 dd 7f 00 00 01 7f 00 .4t.@.@. ........
0020 00 01 b6 4a 00 50 8d 1f f2 d5 8c af 37 70 80 10 ...J.P.. ....7p..
0030 04 23 6d f3 00 00 01 01 08 0a 00 21 85 d9 00 21 .#m..... ...!...!
0040 85 d9 ..
Frame 8: summary
Code:
8 0.002361 127.0.0.1 127.0.0.1 TCP 46666 > http [FIN, ACK] Seq=415 Ack=518 Win=33888 Len=0 TSV=2196953 TSER=2196953
Frame 8: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 34 74 e5 40 00 40 06 c7 dc 7f 00 00 01 7f 00 .4t.@.@. ........
0020 00 01 b6 4a 00 50 8d 1f f2 d5 8c af 37 70 80 11 ...J.P.. ....7p..
0030 04 23 6d f2 00 00 01 01 08 0a 00 21 85 d9 00 21 .#m..... ...!...!
0040 85 d9 ..
Frame 9: summary
Code:
9 0.002626 127.0.0.1 127.0.0.1 TCP http > 46666 [FIN, ACK] Seq=518 Ack=416 Win=33856 Len=0 TSV=2196954 TSER=2196953
Frame 9 - raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 34 b0 be 40 00 40 06 8c 03 7f 00 00 01 7f 00 .4..@.@. ........
0020 00 01 00 50 b6 4a 8c af 37 70 8d 1f f2 d6 80 11 ...P.J.. 7p......
0030 04 22 6d f1 00 00 01 01 08 0a 00 21 85 da 00 21 ."m..... ...!...!
0040 85 d9 ..
Frame 10: summary
Code:
10 0.002657 127.0.0.1 127.0.0.1 TCP 46666 > http [ACK] Seq=416 Ack=519 Win=33888 Len=0 TSV=2196954 TSER=2196954
Frame 10 ; raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 34 74 e6 40 00 40 06 c7 db 7f 00 00 01 7f 00 .4t.@.@. ........
0020 00 01 b6 4a 00 50 8d 1f f2 d6 8c af 37 71 80 10 ...J.P.. ....7q..
0030 04 23 6d ef 00 00 01 01 08 0a 00 21 85 da 00 21 .#m..... ...!...!
0040 85 da ..
I hope this will help you to help me.
Thanks.
Prabhat Soni
Last edited by prabhatsoni; 11-19-2007 at 11:59 PM .
11-20-2007, 02:15 AM
#7
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
it's the frame 4 summary which clearly shows the actual HTML, nothing else is going to be useful here. in wireshark this would be split out to be nicely presented and formatted, but the HEX should be ok too. in itself i can't really see anything wrong... "GET / HTTP/1.1" is the request, and that looks just fine really. what happens if you use curl or wget to do the same thing? firefox is sending a lot of crap, but as unknown headers at worst, it really shouldn't matter.
11-20-2007, 03:57 AM
#8
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
Here is the wget result
Code:
[dgmpali@localhost ~]$ wget http://127.0.0.1/
--15:22:38-- http://127.0.0.1/
=> `index.html'
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response... 400 Bad Request
15:22:38 ERROR 400: Bad Request.
[dgmpali@localhost ~]$
And corresponding wireshark output is as under (only frame 4 is listed)
Frame 4 summary
Code:
4 0.000193 127.0.0.1 127.0.0.1 HTTP GET / HTTP/1.0
Frame 4 raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 a8 ad 82 40 00 40 06 8e cb 7f 00 00 01 7f 00 ....@.@. ........
0020 00 01 db 55 00 50 b3 dc 40 53 b3 ad a1 b7 80 18 ...U.P.. @S......
0030 04 01 fe 9c 00 00 01 01 08 0a 00 1b ed d2 00 1b ........ ........
0040 ed d2 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 ..GET / HTTP/1.0
0050 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 57 67 ..User-A gent: Wg
0060 65 74 2f 31 2e 31 30 2e 32 20 28 52 65 64 20 48 et/1.10. 2 (Red H
0070 61 74 20 6d 6f 64 69 66 69 65 64 29 0d 0a 41 63 at modif ied)..Ac
0080 63 65 70 74 3a 20 2a 2f 2a 0d 0a 48 6f 73 74 3a cept: */ *..Host:
0090 20 31 32 37 2e 30 2e 30 2e 31 0d 0a 43 6f 6e 6e 127.0.0 .1..Conn
00a0 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 ection: Keep-Ali
00b0 76 65 0d 0a 0d 0a ve....
Frame 6: Summary
Code:
6 0.072286 127.0.0.1 127.0.0.1 HTTP HTTP/1.1 400 Bad Request (text/html)
Frame 6: raw data
Code:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 02 39 4c 66 40 00 40 06 ee 56 7f 00 00 01 7f 00 .9Lf@.@. .V......
0020 00 01 00 50 db 55 b3 ad a1 b7 b3 dc 40 c7 80 18 ...P.U.. ....@...
0030 04 00 00 2e 00 00 01 01 08 0a 00 1b ee 1a 00 1b ........ ........
0040 ed d2 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 ..HTTP/1 .1 400 B
0050 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 ad Reque st..Date
0060 3a 20 54 75 65 2c 20 32 30 20 4e 6f 76 20 32 30 : Tue, 2 0 Nov 20
0070 30 37 20 30 39 3a 35 35 3a 30 34 20 47 4d 54 0d 07 09:55 :04 GMT.
0080 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f .Server: Apache/
0090 32 2e 32 2e 30 20 28 46 65 64 6f 72 61 29 0d 0a 2.2.0 (F edora)..
00a0 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 Content- Length:
00b0 33 33 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 336..Con nection:
00c0 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d close.. Content-
00d0 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b Type: te xt/html;
00e0 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 charset =iso-885
00f0 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 9-1....< !DOCTYPE
0100 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f HTML PU BLIC "-/
0110 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 /IETF//D TD HTML
0120 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 2.0//EN" >.<html>
0130 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 <head>.< title>40
0140 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 0 Bad Re quest</t
0150 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f itle>.</ head><bo
0160 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 dy>.<h1> Bad Requ
0170 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 est</h1> .<p>Your
0180 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 browser sent a
0190 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 request that thi
01a0 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e s server could n
01b0 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 ot under stand.<b
01c0 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c r />.</p >.<hr>.<
01d0 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 address> Apache/2
01e0 2e 32 2e 30 20 28 46 65 64 6f 72 61 29 20 53 65 .2.0 (Fe dora) Se
01f0 72 76 65 72 20 61 74 20 3c 61 20 68 72 65 66 3d rver at <a href=
0200 22 6d 61 69 6c 74 6f 3a 72 6f 6f 74 40 6c 6f 63 "mailto: root@loc
0210 61 6c 68 6f 73 74 22 3e 31 32 37 2e 30 2e 30 2e alhost"> 127.0.0.
0220 31 3c 2f 61 3e 20 50 6f 72 74 20 38 30 3c 2f 61 1</a> Po rt 80</a
0230 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c ddress>. </body><
0240 2f 68 74 6d 6c 3e 0a /html>.
Does it give you additional information ?
Thanks,
Prabhat Soni
11-20-2007, 05:46 AM
#9
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
There is additional input.
I went through the error_log file of the web server, and I am reproducing a few lines.
Code:
[Sat Nov 17 17:17:59 2007] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sat Nov 17 17:17:59 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Nov 17 17:18:00 2007] [notice] ModSecurity for Apache 2.1.3 configured - Apache/2.2.6 (Fedora)
[Sat Nov 17 17:18:00 2007] [notice] Digest: generating secret for digest authentication ...
[Sat Nov 17 17:18:00 2007] [notice] Digest: done
[Sat Nov 17 17:18:01 2007] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Sat Nov 17 17:18:01 2007] [notice] mod_python: using mutex_directory /tmp
[Sat Nov 17 17:18:02 2007] [notice] Apache/2.2.6 (Unix) DAV/2 mod_auth_kerb/5.3 mod_auth_pgsql/2.0.3 mod_ssl/2.2.6 OpenSSL/0.9.8b Apache/2.2.0 (Fedora) PHP/5.2.4 mod_python/3.3.1 Python/2.5.1 mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Nov 17 17:37:36 2007] [error] [client 10.68.184.137] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "10.68.184.137"] [uri "/"] [unique_id "wsrYb38AAAEAABQ0S-oAAAAA"]
It seems it is a question of security - see the last line of the output.
Any help.
Prabhat Soni
Last edited by prabhatsoni; 11-20-2007 at 05:47 AM .
11-20-2007, 11:32 PM
#10
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
Sir,
I have zero-ed down to the problem.
As reported in my previous post, I had indicated that there was some security problem. The access_log, indicated
msg "Host header is a numeric IP address"] [severity "CRITICAL"]
I interpreted this to mean that the the server does not like the numeric IP address. So I tried to access the server with the
http://localhost/
I got the web page on the browser.
So the problem is " how can I ask my apache web server to accept the numeric IP address." My web server is being used in my company only, and the access is through the IP address only.
Can you help me now.
Thanks in advance.
Prabhat Soni
11-21-2007, 01:55 AM
#11
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
well that's a nice thing to have happened, can you really not use a hostname? any company should have dns services running, and telling staff to use an ip address to hit a server is really quite horrible...
anyway, check your httpd.conf and associated modsecurity files to fine tune things...
http://www.modsecurity.org/documenta...irectives.html
11-21-2007, 06:08 AM
#12
Member
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233
Original Poster
Rep:
Thanks sir,
I got it.
In the following files:
/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
and
/etc/httpd/modsecurity.d/blocking/modsecurity_crs_21_protocol_anomalies.conf
I commented out which were used to "Check that the host header is not an IP address".
Then I got the web page displayed properly in my browser.
Thanks,
Prabhat Soni
All times are GMT -5. The time now is 09:55 PM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
Latest Threads
LQ News