On Mon, Jul 16, 2018 at 4:53 PM, James Moe <jimoe@sohnen-moe.com.invalid>
wrote:
>
> After the upgrade from v2.4.23 to v2.4.33, https requests yield error
> 403:
> Access forbidden!
> You don't have permission to access the requested directory. There is
> either no index document or the directory is read-protected.
>
Likely answered elsewhere.
> http requests yield eroor 400:
> Bad request!
> Your browser (or proxy) sent a request that this server could not
> understand.
>
That is straightforward, your *client*, not httpd, has been sending bad
requests. Those might have CR or LF line endings, but failed to send
both CR+LF as required by the spec. It might be sending a badly
formatted request line, or invalid request header lines. LogLevel debug
here would be your friend, or you can use wireshark to look at a request.
'HttpProtocolOptions unsafe' config option can allow some of this very
unwise traffic to pass, but fixing the client is the correct solution.
|