Apache + SSL Error 336027900 [closed] - linux

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I was reviewing the logs for my company's servers today and I discovered that there appears to be an error 336027900 logged every 5 minutes. This is what the log shows:
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection to child 3 established (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection closed to child 3 with abortive shutdown (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection to child 12 established (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection closed to child 12 with abortive shutdown (server localhost:443)
Our hosts are all behind a single proxy that is properly set up to handle SSL requests. I verified all of our vhost files have the ports set up appropriately. I have searched Google for this error message and found nothing of use. Any help would be greatly appreciated.
Thanks,
James Armes

Do you have a monitoring application that connects to the server at 5 minute intervals?
That error looks familiar; I believe it occurs when a client connects but attempts to speak HTTP rather than HTTPS.

By the way, if you are doing a reverse proxy, you should look into letting the reverse proxy do the SSL instead of Apache. Clients hit the reverse proxy using SSL on 443, and the reverse proxy decrypts the whole thing and forwards it off to your Apache server, which doesn't know a thing about SSL.
Both squid and nginx support it. That way you don't have to mess around with getting SSL working on Apache.

This looks like an "Internal Dummy Connection".
Here is some more info on it:
http://wiki.apache.org/httpd/InternalDummyConnection

I think Jeff is right...
Some software is connecting to your servers without using SSL; maybe the proxy is sending some packages or some control messages, or you have some monitoring software that connects every 5 minutes but doesn't take the SSL thing into account.

I've seen this error when attempting to connect with a browser that only has SSLv2 enabled.

The every five minutes thing sounds like Pingability.com (or the like) is hitting you.
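
The answers above attribute the error to a client that sends something other than a TLS handshake to port 443 (plain HTTP, or an SSLv2-format hello). As an added example that is not part of the original thread, this Python sketch classifies the first bytes a client sends so that the three cases can be told apart; the function name and the sample byte strings are constructed for illustration.

```python
# Added example: classify the first bytes received on an HTTPS port.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")


def classify_first_bytes(data: bytes):
    """Return (kind, detail) for the opening bytes of a connection."""
    if len(data) < 5:
        return ("too-short", "")
    # TLS / SSLv3 record header: content type 0x16 (handshake),
    # then protocol version major 3 and a minor version byte.
    if data[0] == 0x16 and data[1] == 0x03:
        return ("tls-handshake", "record version 3.%d" % data[2])
    # SSLv2-format ClientHello: 2-byte length with the high bit set,
    # message type 0x01, then the 2-byte version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        return ("sslv2-client-hello",
                "offered version 0x%02x%02x" % (data[3], data[4]))
    # Plain HTTP: an ASCII method followed by a space. This is the
    # "speaking not SSL to HTTPS port" case from the log above.
    if data.startswith(HTTP_METHODS):
        request_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return ("plaintext-http", request_line)
    return ("unknown", data[:8].hex())


# Constructed samples (not captured traffic).
SAMPLES = {
    "tls": bytes.fromhex("16030100c8010000c40303"),
    "sslv2": bytes.fromhex("802b0100020012"),
    "http": b"OPTIONS * HTTP/1.0\r\nUser-Agent: probe\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify_first_bytes(payload))
```
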

Related

Intermittent Service not available Error in Elasticbeanstalk application

We have been using a web server with Elastic Beanstalk since 2019.
The platform is Tomcat 8.5 with Java 8 running on 64-bit Amazon Linux, with httpd as proxy.
Recently (from Jan 30th) we started getting Service Unavailable issues from time to time when we go to the endpoint, and if we refresh 2-3 times it resolves on its own.
Then I downloaded the full logs. Under elasticbeanstalk-error_log I can see:
[Mon Feb 28 10:00:58.338035 2022] [proxy:error] [pid 14882:tid 139757313533696] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 28 10:00:58.338078 2022] [proxy_http:error] [pid 14882:tid 139757313533696] [client <private-ip-here>:12566] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://<custom-end-point>/1/<name.jsp>?s=sec$$4P!&refresh=300
[Mon Feb 28 10:43:40.663468 2022] [proxy:error] [pid 14882:tid 139757120071424] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 28 10:43:40.663518 2022] [proxy_http:error] [pid 14882:tid 139757120071424] [client <private-ip-here>:21136] AH01114: HTTP: failed to make connection to backend: httpd-UDS
This is repeated multiple times from Jan 30th.
When I look at access.log, I can see a 503 error logged at exactly the same time as the permission denied errors in elasticbeanstalk-error_log.
I looked at the running processes using ps -aux | grep HTTPd and ps -aux | grep tomcat;
both have been running since 2019 and have had no restarts.
What more can I do to troubleshoot these issues?

We are running a web application written in Java (Tomcat 8) hosted in AWS Elastic Beanstalk.
Some weeks back we started getting 503 errors randomly.
When we checked the elasticbeanstalk-error_log:
[Thu Mar 03 13:22:12.906144 2022] [proxy:error] [pid 14882:tid 139757338711808] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Thu Mar 03 13:22:12.906202 2022] [proxy_http:error] [pid 14882:tid 139757338711808] [client 172.31.17.0:61382] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://our-domain.com/1/callBackLog.jsp
The error logs suggest a connection error with a backend Unix socket.
When we checked the /var/run/httpd/ folder, there were no Unix sockets (.sock files).
But in the Apache httpd config:
<VirtualHost *:80>
  <Proxy *>
    Require all granted
  </Proxy>
  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on
  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
the proxy backend is an IP address, not a Unix socket.
As per the config, httpd should connect to the backend IP address (localhost:8080), so why is it complaining about a Unix socket?
Has anyone faced similar issues?

Webserver attack solutions? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 4 years ago.
I own an Apache webserver on a Debian 8 VPS, and I got errors like this in my error log.
What kind of attack is that? Is there any solution against it?
[Sat Feb 02 07:05:49.618301 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/info1.php' not found or unable to stat
[Sat Feb 02 07:05:49.876335 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/aaaaaa1.php' not found or unable to stat
[Sat Feb 02 07:05:50.134024 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/up.php' not found or unable to stat
[Sat Feb 02 07:05:50.392310 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/test123.php' not found or unable to stat
(and 300+ other errors with random paths)
Probably looking for exploitable scripts, perhaps ones that take GET arguments, etc., to maybe do a MySQL injection or something.
Since it is your VPS, you could do something like install/configure fail2ban and have it watch for excessive 404 errors from a specific IP, at which point it will block it via iptables.
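
The detection step the answer describes, as an added Python example that is not part of the original thread: it counts "script ... not found" errors per client inside a sliding time window and flags the address once a threshold is reached. The names `maxretry` and `findtime` are borrowed from fail2ban's jail options; the threshold values, the function name and the sample log lines (documentation IP ranges) are assumptions made for illustration.

```python
# Added example: flag clients that probe for many missing scripts quickly.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid \d+\] "
    r"\[client (?P<ip>[^\]]+):\d+\] "
    r"script '(?P<path>[^']+)' not found or unable to stat"
)


def find_scanners(lines, maxretry=3, findtime=timedelta(seconds=10)):
    """Return {ip: [paths]} for clients with >= maxretry hits in findtime."""
    recent = defaultdict(deque)   # ip -> (timestamp, path) inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        window = recent[m["ip"]]
        window.append((ts, m["path"]))
        while ts - window[0][0] > findtime:
            window.popleft()      # drop hits older than the window
        if len(window) >= maxretry and m["ip"] not in flagged:
            flagged[m["ip"]] = [path for _, path in window]
    return flagged


# Constructed sample lines in the format shown in the question.
P = "[Sat Feb 02 07:05:%s 2019] [:error] [pid 7679] [client %s] script '%s' not found or unable to stat"
SAMPLE_LOG = [
    P % ("49.618301", "203.0.113.7:58746", "/var/www/html/info1.php"),
    P % ("49.876335", "203.0.113.7:58746", "/var/www/html/aaaaaa1.php"),
    P % ("49.900000", "198.51.100.9:40112", "/var/www/html/old.php"),
    P % ("50.134024", "203.0.113.7:58746", "/var/www/html/up.php"),
    "[Sat Feb 02 07:05:51.000000 2019] [mpm_prefork:notice] [pid 1] AH00169: caught SIGTERM, shutting down",
]

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE_LOG).items():
        print(ip, "probed", paths)
```
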

HTTP: failed to make connection to backend: 0.0.0.0 - socket-js

I am running into an interesting problem in regards to running nodejs on port 8080. I have a new EC2 instance running Ubuntu 16.04, I've configured apache2 to run on port 80 and have a reverse proxy set up to switch the port to the nodejs server running inside the /public directory to port 8080. This works great, but my bundle.js package calls the server in order to be updated: http://myamazonelasticipaddress/sockjs-node/info?t=1486698514348 This continually fails and I am left with the following error messages:
[Fri Feb 10 02:28:51.358580 2017] [proxy:error] [pid 19100:tid 140639517771520] AH00940: HTTP: disabled connection for (0.0.0.0)
[Fri Feb 10 02:43:57.689148 2017] [proxy:error] [pid 19101:tid 140639568127744] (111)Connection refused: AH00957: HTTP: attempt to connect to 0.0.0.0:8080 (0.0.0.0) failed
[Fri Feb 10 02:43:57.689205 2017] [proxy:error] [pid 19101:tid 140639568127744] AH00959: ap_proxy_connect_backend disabling worker for (0.0.0.0) for 60s
[Fri Feb 10 02:43:57.689211 2017] [proxy_http:error] [pid 19101:tid 140639568127744] [client 192.55.192.52:56715] AH01114: HTTP: failed to make connection to backend: 0.0.0.0
I thought my firewall might be blocking this but I've allowed all connections to this port through. I've double checked my iptables configs and can't find anything. I have a vagrant machine that does this exact same routing and I have no problem.
I have to be missing something simple, any thoughts or ideas?
So my AWS security group configurations were indeed correct. The culprit was that I needed to add a custom TCP type in the security group to allow port 8080 for the socketjs-node to connect.

godaddy SSL with Ubuntu servers running Apache

I have a GoDaddy SSL Standard certificate, and I have Ubuntu servers running Apache.
I followed this page: http://www.codingepiphany.com/2014/11/26/installing-godaddy-ssl-certificate-in-an-ubuntu-server/
and I got this Apache error:
[Wed Oct 05 03:42:08.986881 2016] [mpm_prefork:notice] [pid 1060] AH00169: caught SIGTERM, shutting down
[Wed Oct 05 03:42:10.011970 2016] [ssl:warn] [pid 6821] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 05 03:42:10.013567 2016] [ssl:emerg] [pid 6821] AH02561: Failed to configure certificate dott.com:443:0, check /etc/ssl/gdssl/dott_com.crt
[Wed Oct 05 03:42:10.013618 2016] [ssl:emerg] [pid 6821] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Wed Oct 05 03:42:10.013661 2016] [ssl:emerg] [pid 6821] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
AH00016: Configuration Failed
Also, when I load the certificate with
openssl x509 -noout -text -in dott_com.crt -modulus | grep Modulus
I get "unable to load certificate".
Also, the server name is dott.com in GoDaddy and in the config file too.
You might want to upload the certificate so someone can check it is actually valid. It may be corrupted, or you incorrectly generated it (seems like the name, from what the logs and errors are saying).
Be sure to keep the private key to yourself!

Internal Server Error

The error message I get when I try to access the web page "192.168.50.29/cgi-bin/tinyPL.cgi" looks like this:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.11 (Fedora) Server at 192.168.50.29 Port 80
Error_log :
[Sat Oct 24 21:30:47 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Oct 24 21:30:47 2009] [notice] Digest: generating secret for digest authentication ...
[Sat Oct 24 21:30:47 2009] [notice] Digest: done
[Sat Oct 24 21:30:48 2009] [notice] Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 mod_ssl/2.2.11 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Sat Oct 24 21:30:50 2009] [error] [client 192.168.50.69] (13)Permission denied: exec of '/var/www/cgi-bin/tinyPL.cgi' failed
[Sat Oct 24 21:30:50 2009] [error] [client 192.168.50.69] Premature end of script headers: tinyPL.cgi
Could anyone help me with this!
Your log file will have more details regarding the error, but an Internal Server Error on a CGI script usually means that when the server tried to execute your CGI program the expected headers were not present.
In a Perl script, that would be (for example):
use CGI qw(:standard);
print header();
Which will print out something like:
Content-type: text/html
Try to run your CGI script from the command line and see if it prints out those lines. The other problem might be due to access permissions. Apache might not be able to execute your script.
