400 Bad Request when https is used

Discussion in 'Installation/Configuration' started by Overcrook, Sep 17, 2011.

  1. Overcrook

    Overcrook New Member

    Hi,

    I have a problem when I try to use https on my webmail site. (roundcube)
    Also there is the same problem if I try to use the ISPConfig WebGUI via https.

    Since last week I get the following error
    Code:
    Bad Request
    
    Your browser sent a request that this server could not understand.
    Request header field is missing ':' separator.
    
    ge=0
    ,but everytime with a different error code in the last section.
    If I reload the page long enough I get to the login screen and further, but than after some time I get the error again.

    here is the log for the error
    Code:
    [17/Sep/2011:14:11:45 +0200] "GET / HTTP/1.1" 400 232 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
    
    If I disable https in the apache2 config file (for ISPConfig), or disable https in the WebGUI for my webmail site, everything works fine.
    I already tried different browser, but the error was still the same.

    I would like to use https again, but with this error I can't

    Thanks for your help.

    Yours,
    Ovi
     
  2. falko

    falko Super Moderator

    Did you choose HTTPS during ISPConfig installation, or did you do the HTTPS configuration yourself sometime later?
     
  3. Overcrook

    Overcrook New Member

    Hi falko,

    I did choose the HTTPS option during the ISPConfig installation.
    I also reinstalled ISPConfig und reconfigured it again.

    And till last week, everything worked flawlessly.

    The only thing I did last week was to install ia32-libs, 'cause a friend of mine wanted a CounterStrike Source Server ... and with Debian 64-bit I needed those.
    And then two days later I got the " 400 Bad Request " error. I searched the logs, but I didn't find anything useful.
     
  4. falko

    falko Super Moderator

    Can you check (by looking at the modification times) if your ISPConfig vhost configuration and your certificate have been changed recently?
     
  5. Overcrook

    Overcrook New Member

    The last changes at the certificates were 2010-06-30 (the date fits to my reinstall of ISPConfig (only ISPConfig, not a full reinstall of the server)).
    And the vhost changed at 2011-09-19, 'cause I tried to use HTTPS again after a reboot yesterday. But all I got was the same error again

    in /var/log/ispconfig/httpd/.../access.log
    Code:
    "GET / HTTP/1.1" 400 232 "
    and in /var/log/apache2/error.log
    Code:
    [Mon Sep 19 19:06:21 2011] [error] [client XXX] request failed: error reading the headers
    .

    Here the ispconfig.vhost
    Code:
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################
    
     Listen 8080
    NameVirtualHost *:8080
    
    <VirtualHost _default_:8080>
      ServerAdmin webmaster@localhost
    
      <IfModule mod_fcgid.c>
        DocumentRoot /var/www/ispconfig/
        SuexecUserGroup ispconfig ispconfig
        <Directory /var/www/ispconfig/>
          Options Indexes FollowSymLinks MultiViews +ExecCGI
          AllowOverride AuthConfig Indexes Limit Options FileInfo
          AddHandler fcgid-script .php
          FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
          Order allow,deny
          Allow from all
        </Directory>
      </IfModule>
    
      <IfModule mod_php5.c>
        DocumentRoot /usr/local/ispconfig/interface/web/
        AddType application/x-httpd-php .php
        <Directory /usr/local/ispconfig/interface/web>
          Options FollowSymLinks
          AllowOverride None
          Order allow,deny
          Allow from all
              php_value magic_quotes_gpc        0
        </Directory>
      </IfModule>
    
      # ErrorLog /var/log/apache2/error.log
      # CustomLog /var/log/apache2/access.log combined
      ServerSignature Off
    
      <IfModule mod_security2.c>
        SecRuleEngine Off
      </IfModule>
    
      # SSL Configuration
    #  SSLEngine On
    #  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    #  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    
    </VirtualHost>
    
    <Directory /var/www/php-cgi-scripts>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <Directory /var/www/php-fcgi-scripts>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    I commented the SSL part out to use the panel via HTTP.

    The stange thing is, that if I reload the site again and again after some time (maybe 5-10 tries) I get a possitive responde, but sometimes without the correct css display of the site.

    http://db.tt/8IVZNhY <-- here some pictures
     
  6. till

    till Super Moderator

    Please post the output of:

    ls -la /usr/local/ispconfig/interface/ssl/

    and the output of:

    a2enmod ssl
     
  7. Overcrook

    Overcrook New Member

    Here the output of ls -la /usr/local/ispconfig/interface/ssl/
    Code:
    drwxr-s--- 2 ispconfig ispconfig 4.0K 2011-03-23 15:02 .
    drwxr-s--- 7 ispconfig ispconfig 4.0K 2010-10-07 21:12 ..
    -rwxr-x--- 1 ispconfig ispconfig 1.8K 2010-06-30 17:14 ispserver.crt
    -rwxr-x--- 1 ispconfig ispconfig 3.2K 2010-06-30 17:14 ispserver.key
    and a2enmod ssl
    Code:
    Module ssl already enabled
    Thanks again for the help
     
  8. Overcrook

    Overcrook New Member

    Solved

    Hi Guys,

    after I've tried pretty much everything I thought that I must reinstall the whole server.
    But a little voice whispered to me that I should'nt give up - And it has paid off.

    Now my HTTPS works again. And all I did was to disable ssl in apache2
    Code:
    a2dismod ssl
    and enable it again
    Code:
    a2enmod ssl
    I don't know exactly why it works again, and I could bite me in the ass for not doing it before, but I'm really happy that my HTTPS works again.
     

Share This Page