Apache ssl-enabled vhost returns random 400 bad request
https://stackoverflow.com/questions/4035822
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've setup two local vhosts (http and self-signed https) for billing.example.com and trying them in firefox with firebug. Http vhost only purpose is redirecting all requests to https.
Almost each time I request page from https, one or two files with associated resources (images, js, css, etc...) and sometimes php page itself return 400 bad request in firebug window, sometimes one or two files displayed as loaded for a long time. When I click on problem link in firebug, file loads as it should. Also, bad request or not loaded files changes almost each time I'm loading page.
Any ideas?
Server: Ubuntu 10.04, Apache/2.2.14 with mod_ssl
Vhosts:
Listen 80
<VirtualHost *:80>
ServerName billing.example.com
UseCanonicalName On
DocumentRoot /code/site/billing
...
RewriteEngine On
RewriteRule ^/(.*)$ https://billing.example.com/$1
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName billing.example.com
UseCanonicalName On
DocumentRoot /code/site/billing
...
SSLEngine On
SSLCertificateFile /code/site/ssl/example.crt
SSLCertificateKeyFile /code/site/ssl/example.key
</VirtualHost>
Rest are default settings from ubuntu apache2.
Solution
I was having this problem with apache 2.2.9 and upgrading to apache 2.2.22 solved the problem for me.
I would get random 400 response codes on some of the page requests. Sometimes images, sometimes AJAX requests. Occasionally it would be the page itself that would return a 400 along with this message.
Bad Request Your browser sent a request that this server could not understand. Request header field is missing ':' separator. live
I found the following rug report for that seemed related. The bug was fixed in apache 2.2.15 : https://bugzilla.redhat.com/show_bug.cgi?id=652335
I think this bug is the cause for lots of random errors when using https: Your browser sent a request that this server could not understand Request header field is missing ':' separator.
So thought I'd try updating to the latest apache with the latest mod_ssl - and that seemed to work.
OTHER TIPS
For the ssl portion, you may want to turn UseCanonicalName Off For virtual hosts, you are likely using a different domain than the main server and that could cause you to look for files outside of the virtual host.
For completeness on port 80, I would add [R,L] to the redirect.
RewriteEngine On
RewriteRule ^/(.*) http://billing.example.com/$1 [L,R]
