Bug 62456 - LogLevel core:debug needed to see reason for HTTP 400 bad request; unusual setting for prod
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core
Version: 2.4.33
Hardware: All All
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-14 16:53 UTC by chris@familie-hilgers.com
Modified: 2018-06-14 16:53 UTC



Attachments
Patch suggestion to replace APLOG_DEBUG with APLOG_INFO (3.14 KB, patch)
2018-06-14 16:53 UTC, chris@familie-hilgers.com

Description chris@familie-hilgers.com 2018-06-14 16:53:29 UTC
Created attachment 35967
Patch suggestion to replace APLOG_DEBUG with APLOG_INFO

With changes for https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25
important: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions
was introduced and defaults to strict in 2.4.24

It took me two days on a prod environment to understand why HTTP requests got rejected with HTTP 400 Bad Request.

If I had had LogLevel core:debug, it would have been faster, but this is not
the expected LogLevel on prod systems.

[Thu Jun 14 09:38:22.660889 2018] [core:debug] [pid x:tid x] protocol.c(839): [client XXX:38308] AH03448: HTTP Request Line; Excess whitespace (disallowed by HttpProtocolOptions Strict

I suggest replacing, in server/protocol.c around line 820, all APLOG_DEBUG with
APLOG_WARNING or APLOG_INFO, so that the reason becomes obvious in the logs, as
was done with e.g. APLOGNO(00561).


    if (deferred_error != rrl_none) {
        if (deferred_error == rrl_badmethod)
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03445)
                          "HTTP Request Line; Invalid method token: '%.*s'",
                          field_name_len(r->method), r->method);
        else if (deferred_error == rrl_badmethod09)
...
        else if (deferred_error == rrl_badprotocol)
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418)
                          "HTTP Request Line; Unrecognized protocol '%.*s' "
                          "(perhaps whitespace was injected?)",
                          field_name_len(r->protocol), r->protocol);
        r->status = HTTP_BAD_REQUEST;
        goto rrl_failed;
    }

Sorry I am not to test compile the attached patch suggestion!
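
Added example (not part of the bug report and not httpd code): an offline checker that classifies a raw request line against the RFC 7230 `method SP request-target SP HTTP-version` grammar, as a way to find the likely reason for a 400 when core:debug logging is not enabled. The reason labels and sample lines are constructed for this example; httpd's own parser distinguishes more cases and may report a different reason for the same line.

```python
import re
import string
from collections import Counter

# RFC 7230 token characters (tchar); a method may contain only these.
TCHAR = set("!#$%&'*+-.^_`|~" + string.digits + string.ascii_letters)
HTTP_VERSION = re.compile(r"HTTP/[0-9]\.[0-9]")
# method, gap, request-target, gap, everything that follows
PARTS = re.compile(r"(\S*)(\s*)(\S*)(\s*)(.*)", re.DOTALL)
WHITESPACE = "excess or invalid whitespace"


def classify_request_line(raw: str) -> str:
    """Return 'ok' or a reason label (labels are this example's own)."""
    line = raw.rstrip("\r\n")  # drop only the line terminator
    if line[:1].isspace():
        return WHITESPACE  # nothing may precede the method
    method, gap1, target, gap2, rest = PARTS.fullmatch(line).groups()
    if not method or not set(method) <= TCHAR:
        return "invalid method token"
    if not target:
        return "missing request-target"
    if not rest.strip():
        return "missing protocol"  # HTTP/0.9 style line such as "GET /"
    if gap1 != " " or gap2 != " ":
        return WHITESPACE  # the grammar allows exactly one SP between fields
    if not HTTP_VERSION.fullmatch(rest.rstrip()):
        # An unencoded space in the target lands here: the text after it
        # is read as the protocol field.
        return "unrecognized protocol"
    if rest != rest.rstrip():
        return WHITESPACE  # whitespace after the protocol
    return "ok"


def summarize(lines):
    """Count reasons over many captured request lines."""
    return Counter(classify_request_line(l) for l in lines)


# Constructed sample request lines (not taken from the bug report).
SAMPLE = [
    "GET /index.html HTTP/1.1\r\n",
    "GET  /index.html HTTP/1.1\r\n",  # two spaces after the method
    "GET /my file.txt HTTP/1.1\r\n",  # unencoded space in the target
    "G@T / HTTP/1.1\r\n",
    "GET /index.html HTTP/1.1 \r\n",  # trailing space
]

if __name__ == "__main__":
    for sample in SAMPLE:
        print(f"{classify_request_line(sample):30} {sample!r}")
```

Feeding it request lines captured at a reverse proxy or load balancer in front of httpd shows which clients send lines that do not fit the strict grammar.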