10

I found this line Invalid method in request \x16\x03\x01 in the error_log file, and some other similar lines like:

[Wed Oct 27 23:16:37 2010] [error] [client 187.117.240.164] Invalid URI in request x\xb2\xa1:SMl\xcc{\xfd"\xd1\x91\x84!d\x0e~\xf6:\xfbVu\xdf\xc3\xdb[\xa9\xfe\xd3lpz\x92\xbf\x9f5\xa3\xbbvF\xbc\xee\x1a\xb1\xb0\xf8K\xecE\xbc\xe8r\xacx=\xc7>\xb5\xbd\xa3\xda\xe9\xf09\x95"fd\x1c\x05\x1c\xd5\xf3#:\x91\xe6WE\xdb\xadN;k14;\xdcr\xad\x9e\xa8\xde\x95\xc3\xebw\xa0\xb1N\x8c~\xf1\xcfSY\xd5zX\xd7\x0f\vH\xe4\xb5(\xcf,3\xc98\x19\xefYq@\xd2I\x96\xfb\xc7\xa9\xae._{S\xd1\x9c\xad\x17\xdci\x9b\xca\x93\xafSM\xb8\x99\xd9|\xc2\xd8\xc9\xe7\xe9O\x99\xad\x19\xc3V]\xcc\xddR\xf7$\xaa\xb8\x18\xe0f\xb8\xff

Apache did a graceful restart a few seconds after the first error...

user9517
valter

3 Answers

15

Wrt the first error, it's possible that your webserver is mistakenly trying to speak unencrypted HTTP to a request that came in on port 443 (HTTPS).

To test this, telnet to port 443 on your webserver's hostname or IP address and issue: GET / HTTP/1.0. Assuming the IP address is 10.0.0.1, that you're using Windows, and that you have the Windows telnet client installed (which sucks, btw - I prefer SecureCRT or PuTTY, which is free), type the following in a command prompt window and press Enter:

telnet 10.0.0.1 443

When the connection is established (you should see a blank screen with a blinking cursor), type:

GET / HTTP/1.0

...and press Enter twice.

Quick note: You won't be able to see the stuff that you type after the telnet session has been established, even though your keystrokes will still be sent to the server. In the Windows telnet client, a setting called "localecho" controls this behaviour, but it's turned off by default.

Quick note #2: Backspace "won't work", so be careful not to make a typo or you'll need to start from scratch.

If you get back plaintext, readable HTML, you probably have some problem with your virtual hosts configuration.

I'm not sure about the second error, though, and even if the above is the case, it shouldn't cause Apache to gracefully restart...

Xhantar
  • How can I do that? – valter Oct 28 '10 at 10:49
  • I've modified my answer to hopefully explain it better. Alternatively, just open the website in your web browser but use https://... instead of http://... and check what you get back. – Xhantar Oct 28 '10 at 19:47
  • PuTTY for telnet client FTW [Using PuTTY as telnet client](http://forums.udacity.com/questions/6003729/windows-using-putty-as-a-telnet-client) – Umber Ferrule Jun 20 '14 at 10:05
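
The escaped bytes in the first log message can be decoded to check the diagnosis in the answer above: `\x16\x03\x01` is the start of a TLS record (content type 22 = handshake, version 3.1 = TLS 1.0), which is what a plain-HTTP parser sees when a client opens an HTTPS connection to it. The script below is an added example, not code from any of the posts; the log lines and the 192.0.2.x addresses in it are constructed samples.

```python
import re
from collections import Counter

# Apache 2.2-style error_log entry for a request line the HTTP parser rejected.
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"Invalid (?:method|URI) in request (?P<raw>.*)$"
)
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = r"""[Wed Oct 27 23:10:01 2010] [error] [client 192.0.2.10] Invalid method in request \x16\x03\x01
[Wed Oct 27 23:10:05 2010] [error] [client 192.0.2.11] Invalid URI in request q\x9c\x01:ab\xfe
[Wed Oct 27 23:10:09 2010] [error] [client 192.0.2.12] Invalid method in request get / HTTP/1.0
[Wed Oct 27 23:10:12 2010] [error] [client 192.0.2.13] File does not exist: /var/www/favicon.ico
"""


def unescape(raw):
    """Turn the \\xHH escapes written by the logger back into raw bytes."""
    text = ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return text.encode("latin-1", "replace")


def classify(line):
    """Return (client, verdict) for an 'Invalid ... in request' line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    data = unescape(m.group("raw"))
    # TLS record header: content type, then major version 3 and a known minor.
    if len(data) >= 3 and data[0] in CONTENT_TYPES and data[1] == 3 and data[2] in VERSIONS:
        return m.group("client"), f"{VERSIONS[data[2]]} {CONTENT_TYPES[data[0]]} record"
    if all(0x20 <= b < 0x7F for b in data):
        return m.group("client"), "plain text"
    return m.group("client"), "other binary"


def summarize(log_text):
    """Count verdicts over a whole error_log."""
    hits = filter(None, map(classify, log_text.splitlines()))
    return Counter(verdict for _, verdict in hits)


if __name__ == "__main__":
    for verdict, count in summarize(SAMPLE_LOG).items():
        print(f"{count:3d}  {verdict}")
```

Many "handshake record" hits from different clients point at a listener that receives HTTPS traffic without SSL enabled on it, rather than at a single misbehaving client.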
0

From doing a little research, Apache versions 2.2.21 and below are vulnerable when returning error 400.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

Update your Apache to 2.2.22 or above if it isn't already.

Evil Spork
0

FIXED my error

instead of

server {
    listen 443;

use the following to tell the server that you are actually using 443 to listen for SSL/HTTPS requests.

server {
  listen *:443 default_server ssl;