digipen
Joined: 20 Jul 2017 Posts: 6 Location: Germany, Bremen
Posted: Thu 20 Jul '17 13:47 Post subject: Trouble when Upgrading from 2.4.23 to 2.4.27
Hello,
we have been with Apache Lounge for some years without ever having problems during updates.
At the moment we are using the 2.4.23 VC14 version, also with a (hopefully) strong SSL configuration.
So when I now updated to 2.4.27 VC14, browsers (desktop and mobile) still work without problems.
But our digipen Android app is no longer able to connect to our servers. So I had to turn the wheel back to 2.4.23.
What we found out is that the Android client contacts the Apache 2.4.27 and gets 400 as status back. The httpd has not forwarded to the Tomcat.
I assume that we have an implementation problem in our clients, which I would like to detect.
From the changelog I guessed that one of the following entries could be the reason for our problem:
*) mod_rewrite: When a substitution is a fully qualified URL, and the
scheme/host/port matches the current virtual host, stop interpreting the
path component as a local path just because the first component of the
path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
to revert to previous behavior. PR60009.
[Hank Ibell <hwibell gmail.com>]
*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]
So I would like to ask the following questions:
1) Is there a way to find out more about the problem on the server side? The logfiles are not very helpful.
2) Are there archived binaries of the win64 vc14 2.4.25 and 2.4.26 releases? I can't find them on the webpage. The Wayback Machine also has nothing archived.
Thanks for help in advance.
Kai from digipen

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3096 Location: Hilversum, NL, EU
Posted: Thu 20 Jul '17 14:08 Post subject:
Restored Win64 2.4.25 and 2.4.26; in the download URL, replace 27 with 25/26.

digipen
Joined: 20 Jul 2017 Posts: 6 Location: Germany, Bremen
Posted: Thu 20 Jul '17 14:24 Post subject:
Thanks, I got both zips.

digipen
Joined: 20 Jul 2017 Posts: 6 Location: Germany, Bremen
Posted: Thu 20 Jul '17 14:52 Post subject:
OK, our problem first occurs with 2.4.25.
So I assume it's the RFC7230 thing.
Any idea how to "debug" this on the server side?

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7377 Location: Germany, Next to Hamburg
Posted: Sun 23 Jul '17 17:13 Post subject:
You can change the LogLevel to get more information in the logs (this can blow up your logs).
It might help if you could post your config to the Tomcat server.

digipen
Joined: 20 Jul 2017 Posts: 6 Location: Germany, Bremen
Posted: Mon 24 Jul '17 11:34 Post subject:
OK, thanks all for the help, finally we found our problem: the Android developers send a header "Android Version", which is wrong. So we replaced it with "Android-Version" to make things work.

digipen
Joined: 20 Jul 2017 Posts: 6 Location: Germany, Bremen
Posted: Mon 24 Jul '17 11:56 Post subject:
For backward compatibility I tried:
RequestHeader unset "Android Version" early
without luck, so the last question is: is there a server-side way to ignore/remove the headers that do not conform to RFC7230?
|
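The rejection traced in this thread comes down to the RFC 7230 field-name grammar: a header name must be a token, and a space is not a token character. The following Python check is an added example, not part of any post and not Apache's own parser; it flags non-conforming header names in a captured request. The sample request, host, path and header values are constructed.

```python
import re

# RFC 7230 section 3.2.6: field-name = token, token = 1*tchar
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def check_header_names(raw_request: bytes):
    """Return (line_number, field_name, reason) for every header line whose
    name does not match the RFC 7230 field-name grammar."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    findings = []
    for lineno, line in enumerate(lines[1:], start=2):  # line 1 is the request line
        if line[:1] in (b" ", b"\t"):
            findings.append((lineno, line.decode("latin-1"),
                             "obs-fold continuation line (deprecated by RFC 7230)"))
            continue
        name, sep, _value = line.partition(b":")
        text = name.decode("latin-1")
        if not sep:
            findings.append((lineno, text, "no colon in header line"))
        elif not name:
            findings.append((lineno, text, "empty field name"))
        elif name != name.rstrip(b" \t"):
            findings.append((lineno, text, "whitespace before colon"))
        elif not TOKEN.fullmatch(name):
            bad = sorted({chr(b) for b in name if not TOKEN.fullmatch(bytes([b]))})
            findings.append((lineno, text, f"invalid characters {bad!r} in field name"))
    return findings


# Constructed sample request modelled on the thread; host and path are placeholders.
SAMPLE = (
    b"GET /api/status HTTP/1.1\r\n"
    b"Host: app.example.com\r\n"
    b"User-Agent: digipen-android\r\n"
    b"Android Version: 7.1.1\r\n"
    b"Android-Version: 7.1.1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for lineno, name, reason in check_header_names(SAMPLE):
        print(f"line {lineno}: {name!r}: {reason}")
```

Running a request captured from the client through this check before it reaches the server shows which header line to fix on the client side.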