Package: apache2-mpm-prefork Version: 2.2.16-6+squeeze7 Severity: important Tags: squeeze
Some of our users are not able to upload a file via POST Request by using their firefox browser. They get error 400 Bad Request. apache error.log: "request failed: error reading the headers" The problem is reproducible (on the affected systems) and the filesize ist important. Small files (~100 KB) work and larger files (~2 MB) do not. Affected Browsers/Operating Systems (client side): - it seems that only a few (~1%) of our firefox users run into that problem by uploading a file. Normal GET requests are not affected. - all versions of firefox are affected. - different operating systems are affected: WinXP, Vista, 7, Mac - no common plugins found on the affected browsers, but running firefox in "safe-mode" solves the problem (= then the upload is possible). - different antivirus and security suites used by the users. Affected Webservers/Operating Systems (server side): - only apache <= 2.2.16 (squeeze) seems to be affected. (Apache 2.2.9, Debian; Apache 2.2.10, SUSE) - the affected clients also have this problem when uploading a file to other companies webservers (if they are <= apache 2.2.16) - apache 2.2.22 (wheezy) seems to work correctly. - nginx, IIS also worked correctly I installed a server for TESTING and run tshark to capture the packets. - http://uploadtest.puzzleandplay.de/goodrequest.png (upload a small file, it works) - http://uploadtest.puzzleandplay.de/badrequest.png (upload a large file, it did NOT work) Related (known) Problems did not help to solve the problem: - http://stackoverflow.com/questions/9921052/400-bad-request-when-uploading-a -file-from-firefox-11-mac-osx Well, I am not sure if firefox or apache is responsible for that problem. BUT many different users are affected and in apache 2.2.22 the problem seems to be solved. I hope that a solution can be found for 2.2.16 (squeeze). I do not want to upgrade to wheezy on a production system ;-) Thanks, Thomas Details of apache 2.2.22: ==================== ii apache2-mpm-prefork 2.2.22-5 Apache HTTP Server - traditional non-threaded model Details of apache 2.2.16: ==================== ii apache2-mpm-prefork 2.2.16-6+squeeze7 Apache HTTP Server - traditional non-threaded model -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host authz_svn authz_user autoindex cgi dav_fs dav dav_svn deflate dir env expires log_forensic mime negotiation php5 reqtimeout rewrite setenvif ssl status unique_id vhost_alias List of enabled php5 extensions: curl gd http imagick mcrypt memcache mysql mysqli pdo pdo_mysql ssh2 suhosin uploadprogress -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (300, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2-mpm-prefork depends on: ii apache2.2-bin 2.2.16-6+squeeze7 Apache HTTP Server common binary f ii apache2.2-common 2.2.16-6+squeeze7 Apache HTTP Server common files apache2-mpm-prefork recommends no packages. apache2-mpm-prefork suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
