Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#802680: lighttpd: server.error-handler-404 broken, returns status code 200
48 views
Skip to first unread message
Jonathan Dowland
Oct 22, 2015, 11:40:07 AM10/22/15
to
Package: lighttpd
Version: 1.4.35-4
Severity: important
When using:
server.error-handler-404 = "/404/"
The resulting page is being returned status 200.
A related problem was fixed upstream in 1.4.17[1], but that was for when the handler
was a dynamic page, in my case I'm trying to serve a static page. The page is actually
served so I know the directive is being honoured; but it's definitely being returned
as HTTP 200.
[1] http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.18.5-x86_64-linode52 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lighttpd depends on:
ii init-system-helpers 1.22
ii libattr1 1:2.4.47-2
ii libbz2-1.0 1.0.6-7+b3
ii libc6 2.19-18+deb8u1
ii libfam0 2.7.0-17.1
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u1
ii libpcre3 2:8.35-3.3
ii libssl1.0.0 1.0.1k-3+deb8u1
ii libterm-readline-perl-perl 1.0303-1
ii lsb-base 4.1+Debian13+nmu1
ii mime-support 3.58
ii perl 5.20.2-3+deb8u1
ii systemd 215-17+deb8u2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages lighttpd recommends:
pn spawn-fcgi <none>
Versions of packages lighttpd suggests:
ii apache2-utils 2.4.10-10+deb8u3
ii openssl 1.0.1k-3+deb8u1
pn rrdtool <none>
-- Configuration Files:
/etc/lighttpd/conf-available/10-ssl.conf changed:
$SERVER["socket"] == "XXXXXXXXXXXXXX:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.ca-file = "/etc/ssl/private/XXXXXXXXXXX/sub.class1.server.sha2.ca.pem"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.cipher-list = "AES128+EECDH:AES128+EDH:ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!eNULL:!EDH:!AESGCM:!EXPORT:!DES"
ssl.honor-cipher-order = "enable"
ssl.use-compression = "disable" # CRIME attack
}
/etc/lighttpd/lighttpd.conf changed:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_compress",
"mod_redirect",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.allowed-encodings = ("gzip", "deflate")
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/home/jon/etc/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-- no debconf information
Version: 1.4.35-4
Severity: important
When using:
server.error-handler-404 = "/404/"
The resulting page is being returned status 200.
A related problem was fixed upstream in 1.4.17[1], but that was for when the handler
was a dynamic page, in my case I'm trying to serve a static page. The page is actually
served so I know the directive is being honoured; but it's definitely being returned
as HTTP 200.
[1] http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.18.5-x86_64-linode52 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lighttpd depends on:
ii init-system-helpers 1.22
ii libattr1 1:2.4.47-2
ii libbz2-1.0 1.0.6-7+b3
ii libc6 2.19-18+deb8u1
ii libfam0 2.7.0-17.1
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u1
ii libpcre3 2:8.35-3.3
ii libssl1.0.0 1.0.1k-3+deb8u1
ii libterm-readline-perl-perl 1.0303-1
ii lsb-base 4.1+Debian13+nmu1
ii mime-support 3.58
ii perl 5.20.2-3+deb8u1
ii systemd 215-17+deb8u2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages lighttpd recommends:
pn spawn-fcgi <none>
Versions of packages lighttpd suggests:
ii apache2-utils 2.4.10-10+deb8u3
ii openssl 1.0.1k-3+deb8u1
pn rrdtool <none>
-- Configuration Files:
/etc/lighttpd/conf-available/10-ssl.conf changed:
$SERVER["socket"] == "XXXXXXXXXXXXXX:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.ca-file = "/etc/ssl/private/XXXXXXXXXXX/sub.class1.server.sha2.ca.pem"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.cipher-list = "AES128+EECDH:AES128+EDH:ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!eNULL:!EDH:!AESGCM:!EXPORT:!DES"
ssl.honor-cipher-order = "enable"
ssl.use-compression = "disable" # CRIME attack
}
/etc/lighttpd/lighttpd.conf changed:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_compress",
"mod_redirect",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.allowed-encodings = ("gzip", "deflate")
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/home/jon/etc/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-- no debconf information
Jonathan Dowland
Oct 22, 2015, 2:10:03 PM10/22/15
to
The relevant upstream docs say
"You can use a dynamic or static page for the handler. If you use a static
page, the server will return a 404 HTTP status code with the content of your
static page."
http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details
I hope I am reading this wrong, but this would suggest this was known
behaviour?
http://redmine.lighttpd.net/issues/2456
"You can use a dynamic or static page for the handler. If you use a static
page, the server will return a 404 HTTP status code with the content of your
static page."
http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details
I hope I am reading this wrong, but this would suggest this was known
behaviour?
http://redmine.lighttpd.net/issues/2456
Stefan Bühler
Oct 25, 2015, 2:30:04 PM10/25/15
to
Hi,
The docs and the behavior are certainly not optimal, but as
lighttpd-1.4.x is a "stable" branch we try to keep semantic changes to
a minimum.
Please use url.rewrite-if-not-file instead; if you have a scenario that
is not covered by url.rewrite-if-not-file you could also have a look
at mod_magnet.
regards,
Stefan
lighttpd-1.4.x is a "stable" branch we try to keep semantic changes to
a minimum.
Please use url.rewrite-if-not-file instead; if you have a scenario that
is not covered by url.rewrite-if-not-file you could also have a look
at mod_magnet.
regards,
Stefan
0 new messages