400 Error on Apache HTTPD after security update CVE-2016-8743
Issue
- 400 Error on the httpd server after security update - CVE-2016-8743
- Version httpd-2.4.6-45 will not allow this request and will throw HTTP 400 error, and below is the corresponding error log :
####### error Logs :
[Tue Nov 14 05:46:37.239592 2017] [core:debug] [pid 8344:tid 139677243242240] protocol.c(839): [client 127.0.0.1:6231] AH03448: HTTP Request Line; Excess whitespace (disallowed by HttpProtocolOptions Strict
[Tue Nov 14 05:46:38.240954 2017] [core:debug] [pid 8351:tid 139677243770624] protocol.c(839): [client 127.0.0.1:6231] AH03448: HTTP Request Line; Excess whitespace (disallowed by HttpProtocolOptions Strict
- The following error is happening:
[Thu Jun 28 14:04:41.595485 2018] [core:debug] [pid 29520:tid 9116] protocol.c(1383): [client 10.122.0.35:54497] AH00569: client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /heartbeat.html
Environment
- Red Hat Enterprise Linux
- 7.x
- 6.x
- Red Hat Software Collections
- 2.x
- 3.x
- JBoss Core Services (JBCS)
- Apache HTTPD
- 2.4.6
- 2.2.32
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
