diff options
| author | William A. Rowe Jr <wrowe@apache.org> | 2016-12-22 19:20:25 +0000 |
|---|---|---|
| committer | William A. Rowe Jr <wrowe@apache.org> | 2016-12-22 19:20:25 +0000 |
| commit | cc3458b71bd636811862e1b074f4bf85313cb7bd (patch) | |
| tree | c958b6462d6baaa3e77473c9fb4e7b57962e8d85 | |
| parent | 750f7852f8192bb32a6ab258af7d9425c207f5f1 (diff) | |
| download | httpd-cc3458b71bd636811862e1b074f4bf85313cb7bd.tar.gz | |
Backports: r1185385
Submitted by: sf
Downgrade some more log messages indicating client errors from level error to
info. Add log messages for various reasons to return HTTP_BAD_REQUEST.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x-merge-http-strict@1775705 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | server/protocol.c | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/server/protocol.c b/server/protocol.c index f0faf0f261..121e084dbb 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -702,9 +702,21 @@ static int table_do_fn_check_lengths(void *r_, const char *key, "\n<pre>\n", ap_escape_html(r->pool, key), "</pre>\n", NULL)); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Request header exceeds " + "LimitRequestFieldSize after merging: %s", key); return 0; } +/* get the length of the field name for logging, but no more than 80 bytes */ +#define LOG_NAME_MAX_LEN 80 +static int field_name_len(const char *field) +{ + const char *end = ap_strchr_c(field, ':'); + if (end == NULL || end - field > LOG_NAME_MAX_LEN) + return LOG_NAME_MAX_LEN; + return end - field; +} + AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) { char *last_field = NULL; @@ -755,6 +767,9 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Request header exceeds LimitRequestFieldSize: " "%.*s", field_name_len(field), field); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Request header exceeds LimitRequestFieldSize: " + "%.*s", field_name_len(field), field); } return; } @@ -786,6 +801,10 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb "Request header exceeds LimitRequestFieldSize " "after folding: %.*s", field_name_len(last_field), last_field); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Request header exceeds LimitRequestFieldSize " + "after folding: %.*s", + field_name_len(last_field), last_field); return; } @@ -811,6 +830,9 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb apr_table_setn(r->notes, "error-notes", "The number of request header fields " "exceeds this server's limit."); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Number of request headers exceeds " + "LimitRequestFields"); return; } @@ -829,6 +851,10 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb "separator: %.*s", (int)LOG_NAME_MAX_LEN, last_field); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Request header field is missing ':' " + "separator: %.*s", (int)LOG_NAME_MAX_LEN, + last_field); return; } @@ -957,12 +983,13 @@ request_rec *ap_read_request(conn_rec *conn) if (r->status == HTTP_REQUEST_URI_TOO_LARGE || r->status == HTTP_BAD_REQUEST) { if (r->status == HTTP_BAD_REQUEST) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "request failed: invalid characters in URI"); } else { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "request failed: URI too long (longer than %d)", r->server->limit_req_line); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "request failed: URI too long (longer than %d)", + r->server->limit_req_line); } ap_send_error_response(r, 0); ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); @@ -999,7 +1026,7 @@ request_rec *ap_read_request(conn_rec *conn) ap_get_mime_headers_core(r, tmp_bb); if (r->status != HTTP_OK) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "request failed: error reading the headers"); ap_send_error_response(r, 0); ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); @@ -1046,7 +1073,7 @@ request_rec *ap_read_request(conn_rec *conn) * headers! Have to dink things just to make sure the error message * comes through... */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "client sent invalid HTTP/0.9 request: HEAD %s", r->uri); r->header_only = 0; @@ -1088,7 +1115,7 @@ request_rec *ap_read_request(conn_rec *conn) * a Host: header, and the server MUST respond with 400 if it doesn't. */ r->status = HTTP_BAD_REQUEST; - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "client sent HTTP/1.1 request without hostname " "(see RFC2616 section 14.23): %s", r->uri); } @@ -1310,7 +1337,7 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw) if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) { /* Client tried to authenticate using wrong auth scheme */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "client used wrong authentication scheme: %s", r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; |