[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] "Permissions" lost after upgrade to 2.4.33

On Mon, Jul 16, 2018 at 4:53 PM, James Moe <jimoe@xxxxxxxxxxxxxx.invalid> wrote:

  After the upgrade from v2.4.23 to v2.4.33, https requests yield error
Access forbidden!
You don't have permission to access the requested directory. There is
either no index document or the directory is read-protected.

Likely answered elsewhere.
http requests yield eroor 400:
Bad request!
Your browser (or proxy) sent a request that this server could not

That is straightforward, your *client*, not httpd, has been sending bad
requests. Those might have CR or LF line endings, but failed to send
both CR+LF as required by the spec. It might be sending a badly 
formatted request line, or invalid request header lines. LogLevel debug
here would be your friend, or you can use wireshark to look at a request.

'HttpProtocolOptions unsafe' config option can allow some of this very
unwise traffic to pass, but fixing the client is the correct solution.