Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Y
Y
Yermek2015-12-03 13:55:31
Apache HTTP Server
Yermek, 2015-12-03 13:55:31

[Apache error AH00126. Invalid URI in request GET / HTTP/1.1] How to find the reason?

Good afternoon everyone!
Preamble
I have a website here on my home server that looks at the Internet (the server itself is behind a router on which port forwarding is configured)
. The server has Ubunu Server OS installed.
Raised LAMP server
Two virtual hosts are spinning on the server.
Their parameters from .conf files

<VirtualHost *:80>
    ServerName xxxxxx.xx
    DocumentRoot /var/www/xxxxxx.xx/public_html
    <Directory /var/www/xxxxxx.xx/public_html>
        AllowOverride All
    </Directory>
<VirtualHost>

I wrote a script here that rummaged through the FS and gave the user either a directory listing or a header for downloading a file.
Plot
Reading here about site vulnerabilities and came across the ability to view ALL fs by adding strings like "../" to the request.
Of course, I decided to check on my script.
Of course the script is susceptible to this vulnerability.
I decided to rewrite the script, but for now I decided to play with the address bar. Added the combination mentioned above to the request parameter. Moreover, I did not bother with the length and inserted different lines of the form "../../../../../../../../../../" The script displayed the contents of the root.
I calmed down and went to rewrite my script
Rewrote, if interested, completely the scheme. Now, when scanning a directory, the presence of a link to a file in the database is checked, if not, it is added. These file IDs are passed to the user in the list. When a file is requested by id, the DB-File is reverse-matched and the result is returned to the user. The file is the title of the download, the directory is its contents

The script was rewritten on a laptop, and everything was perfectly tested on it.
When I marked up the script on my server, I saw an error message 400 (Bad Request). The Apache log contains the following lines:

[Thu Dec 03 15:44:01.944696 2015] [core:error] [pid 2001] [client 192.168.100.50:56566] AH00126: Invalid URI in request GET / HTTP/1.1
[Thu Dec 03 15:46:42.909538 2015] [core:error] [pid 2474] [client 192.168.100.50:56679] AH00126: Invalid URI in request GET /index.php HTTP/1.1
[Thu Dec 03 15:46:48.329383 2015] [core:error] [pid 2475 ] [client 192.168.100.50:56684] AH00126: Invalid URI in request GET /fs/ HTTP/1.1

those. the server responds to completely legitimate requests with an error
. And only the virtual host where I played with the address bar was blocked. Both localshot and the second virtual host work fine.
Summary
As I understand it, some kind of security module worked somewhere.
As far as I understand, moc_sucurety is not running for me. I obviously did not run it, and there are no options in the .config files. This parameter was searched through mc by the mask of the .config file (and * too) to the securety line in the /etc/apache2 folder.
Can you please tell me how to revive my host? Where to dig, and what to look?
Is there a way to reset this error flag?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Similar questions
K
krll-k2014-06-16 12:24:32
How to make subdomains on localhost? 2Reply
O
Oleg Kalensky2018-12-13 04:03:08
Why is Apache not responding? 0Reply
T
theEternalStudent2016-07-15 16:32:12
How to write a 303 redirect rule in htaccess? 2Reply
M
muhasa2018-12-15 16:25:06
Why can't I block access to a specific file? 1Reply
J
Julia Kovalenko2016-07-20 14:41:44
How to send send requests through my server? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question