Error 400 on non-ssl (port 80) traffic.


xenlab
24th August 2006, 00:09
I'm stumped, and my Google and forum searching have not yielded any results.

I'm using Ubuntu 6.0.6, apache2, php5, mod_ssl, etc... the whole bit (perfect how-to from this site). I did NOT, however, install ISPConfig, nor do I want to.

When I visit my site in SSL mode, the page pulls up just fine. When I visit in http/non-SSL mode I get a 400 error. Even stranger, it's not putting anything in the error / access logs for me to go on. I imagine that the site in question is set for only SSL traffic, and because I'm not sending an SSL request along with the rest of the HTTP header, I'm getting this "Bad Request!" Error 400.

Here's my VirtualHost config:


NameVirtualHost *
<VirtualHost *>
ServerAdmin server@localhost

DocumentRoot /home/www/example.com/htdocs

<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_access.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature email

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>


Has anyone seen this problem? What can I do to fix it?

Thanks in advance!

falko
24th August 2006, 18:57
What happens when you remove/comment out this stanza:

<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_access.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>and restart Apache?

There's nothing in /var/log/apache2/error.log?

xenlab
24th August 2006, 19:10
OK, commenting it out allows port 80 traffic, but then throws this error for https:

Alert

example.com has sent an incorrect or unexpected message. Error Code: -12263

Subsequent refreshes give me the "Connection Interrupted" message in Firefox.

This is what showed in the error.log (for the above operations, there was still nothing there for the port 80 traffic with that apache block enabled, which is strange to me).

[error] [client xxx.xxx.xxx.xxx] mod_security: Access denied with code 500. Pattern match "^$" at HEADER [uri ""]

Now, I'm wondering if it's just that the header is malformed because mod_ssl is not configured correctly (or turned on, as commenting that block out turned it off) and mod_security is just doing its job -- or if, with that block turned off, mod_security is messing things up. I tend to lean towards the former.

Thanks for your help, falko.

falko
26th August 2006, 02:04
This is what showed in the error.log (for the above operations, there was still nothing there for the port 80 traffic with that apache block enabled, which is strange to me).

[error] [client xxx.xxx.xxx.xxx] mod_security: Access denied with code 500. Pattern match "^$" at HEADER [uri ""]

You should either deactivate mod_security for now or change the mod_security rules until you get your vhost running on port 80.

xenlab
26th August 2006, 15:04
Thanks for the help falko.

I ended up having to rebuild the server (installing bastille from apt-get hosed it up).

After rebuilding it, I tried a different route:

I installed a more conservative rule list for mod_security
I used apache2-ssl-certificate to generate a .pem file instead of manually creating all of the .crt, .key, etc. files
I placed the same SSL config in the 000-default file of the VirtualHost directive, and didn't wrap it in <IfModule mod_ssl.c> tags


Restarted Apache, and tested both http and https, and they both work.

Here are the links that helped me the 2nd time around:
http://www.debianhelp.co.uk/apacheinstall.htm
http://forums.debian.net/viewtopic.php?t=3635&sid=00c5a9c1c33d2096944d5d91643c5f99

xenlab
28th August 2006, 23:49
Error came back today. The only thing new on the server is Ruby and Ruby on Rails related stuff (to get Instiki up and running).

I can confirm that when I enable or disable the SSLEngine On stuff in the vhosts file, http traffic resumes just fine.

I'm going to keep at it, but figured I'd throw it back up here. BTW, I disabled mod_security altogether, and it doesn't seem to be affecting it.

xenlab
28th August 2006, 23:54
Aha! Here's more info. I disabled the ErrorDocument for the 400 error, and it told me this instead of the normal Bad Request error:

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

- - - -

So how can I tell Apache to serve the same content for http or https, and to turn on SSL when https is present?

And why did it work before just fine?

xenlab
29th August 2006, 00:02
Well, here was one way around it....

I copied my /etc/apache2/sites-enabled/000-default file to /etc/apache2/sites-enabled/000-default.ssl

Changed NameServer * to NameServer *:80 and NameServer *:443
Changed VirtualHost * to VirtualHost *:80 / NameServer *:443 (depending on the file, obviously... all the SSL stuff went into the .ssl file).

And removed the SSLEngine On block from the 000-default file.

Now it's serving up both again.
---
Is there a way to do this without duplicating the vhosts directives? It's a little messy having it the way it is.

falko
29th August 2006, 22:04
You need two vhosts, one for port 80 and one for port 443.

samb057
10th December 2006, 10:27
I was having this error 12263 problem too for a while. The problem for me was that I had two vhosts under :443, but only one of them had SSL directives in it. When I put SSLEngine on, etc. in the other one, it started working.
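The layout falko describes (one vhost for port 80, one for port 443) and samb057's point (every vhost on :443 needs its own SSL directives), written out as an added example. This is not configuration from the thread or from any of its posters; it reuses the paths and log formats from xenlab's original vhost, and the file names /etc/apache2/sites-available/example.com and /etc/apache2/example.com-common.conf, plus the Include approach for sharing the non-SSL directives between the two vhosts, are my assumptions. The original symptom came from "SLEngine on" inside a vhost bound to "*", which covers port 80 as well, so mod_ssl answered plain HTTP on port 80 with the 400 shown above.

```apache
# /etc/apache2/sites-available/example.com   (file name is an assumption)
#
# Both ports must be listened on; on Debian/Ubuntu these normally live in
# /etc/apache2/ports.conf and are repeated here only for completeness.
Listen 80
Listen 443

# Name-based vhosts per port (Apache 2.0/2.2; Apache 2.4 ignores
# NameVirtualHost with a warning, so drop it there).
NameVirtualHost *:80
NameVirtualHost *:443

# Plain-HTTP vhost: deliberately contains no SSL* directives. Binding
# "SSLEngine on" to "*" instead of "*:443" is what makes port 80 reply
# 400 "You're speaking plain HTTP to an SSL-enabled server port".
<VirtualHost *:80>
    ServerName    example.com
    ServerAdmin   server@localhost
    DocumentRoot  /home/www/example.com/htdocs

    # Shared directory/alias settings (file below), to avoid duplicating them.
    Include /etc/apache2/example.com-common.conf

    ErrorLog   /var/log/apache2/error.log
    LogLevel   warn
    CustomLog  /var/log/apache2/access.log combined
</VirtualHost>

# HTTPS vhost: same content, plus the SSL directives. Every vhost on *:443
# needs its own "SSLEngine on"; a :443 vhost without it makes Apache talk
# plain HTTP on the TLS port, and the browser reports a protocol error
# instead of a page (samb057's -12263 case).
<VirtualHost *:443>
    ServerName    example.com
    ServerAdmin   server@localhost
    DocumentRoot  /home/www/example.com/htdocs

    Include /etc/apache2/example.com-common.conf

    SSLEngine              on
    SSLCertificateFile     /etc/apache2/ssl.crt
    SSLCertificateKeyFile  /etc/apache2/ssl.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    ErrorLog   /var/log/apache2/error.log
    LogLevel   warn
    CustomLog  /var/log/apache2/ssl_access.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# --- /etc/apache2/example.com-common.conf (file name is an assumption) ---
# Everything that is identical for http and https goes here so it is
# written once and included by both vhosts above.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

ServerSignature email
```

To confirm the split took effect, run `apache2ctl configtest` and then `apache2ctl -S`: the second command lists which vhost is bound to which port, so a vhost that accidentally ended up on "*" (all ports) or a second :443 vhost missing SSLEngine shows up there before any browser test. Then `curl -I http://example.com/` should return the page headers rather than a 400, and `openssl s_client -connect example.com:443` should show a completed TLS handshake rather than plain-HTTP bytes.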