From c3749c6c4ec4401474c24381db77359869015ce9 Mon Sep 17 00:00:00 2001 From: Pekka Helenius Date: Sat, 22 Sep 2018 00:08:20 +0300 Subject: [PATCH] Patches: Break HTTP codes, disable Apache HTML error page --- ...atch_apache_break_http_code_standard.patch | 46 +++++++++++++++++++ .../patch_apache_disable_html_errormsg.patch | 34 ++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 patches/patch_apache_break_http_code_standard.patch create mode 100644 patches/patch_apache_disable_html_errormsg.patch diff --git a/patches/patch_apache_break_http_code_standard.patch b/patches/patch_apache_break_http_code_standard.patch new file mode 100644 index 0000000..e132581 --- /dev/null +++ b/patches/patch_apache_break_http_code_standard.patch @@ -0,0 +1,46 @@ +Author: Pekka Helenius (~Fincer), 2018 + +This is an experimental patch, just introducing the principle of manipulating HTTP header response codes returned by Apache HTTP server to a client. The patch is mainly for personal use, nothing else. If you see it worth it, feel free to use it. And absolutely, feel free to modify it! If you see it just awful, ignore it. Thanks. + +The patch breaks HTTP standard by altering HTTP header response codes generated by Apache HTTP server. Generated codes are: + +If client request generates HTTP response code 401, the server returns error code 401. + +If client request generates HTTP response code 401->, the server returns error code 400. + +If client request generates HTTP response code 500->, the server returns error code 400 instead. + +Any other codes (100-308) will be returned normally, including 200 OK message. + +Remember to comment any unsupported ErrorDocument fields from your VirtualHost configurations before starting the server with this patch applied. + +All Apache HTTP response codes are listed in 'modules/http/http_protocol.c' file. + +This patch may break things badly, just be aware and proceed with care! Thanks. + + + +--- a/modules/http/http_protocol.c ++++ b/modules/http/http_protocol.c +@@ -1003,7 +1003,20 @@ AP_DECLARE(int) ap_index_of_response(int + if (status < 100) { + pos = (status + shortcut[i]); + if (pos < shortcut[i + 1] && status_lines[pos] != NULL) { +- return pos; ++ if (shortcut[i] == LEVEL_400) { ++ if (pos != (1 + shortcut[i])) { ++ return (0 + shortcut[i]); ++ } ++ else { ++ return pos; ++ } ++ } ++ else if (shortcut[i] == LEVEL_500) { ++ return (shortcut[i - 1]); ++ } ++ else { ++ return pos; ++ } + } + else { + return LEVEL_500; /* status unknown (falls in gap) */ diff --git a/patches/patch_apache_disable_html_errormsg.patch b/patches/patch_apache_disable_html_errormsg.patch new file mode 100644 index 0000000..75c3360 --- /dev/null +++ b/patches/patch_apache_disable_html_errormsg.patch @@ -0,0 +1,34 @@ +Author: Pekka Helenius (~Fincer), 2018 + +Patch: Remove error HTML body from Apache server output message. + +Removes additional error messages as well. +Do not give any hints about existence of Apache ErrorDocument to the client. + +This patch is useful in some cases but can bury underneath problems in server +configuration. Thus, use discretion before implementing the patch +in your Apache server. + +This patch removes default error pages returned by an erroneous HTTP request. +If you need to use error pages, customize them in your Apache configs with ErrorDocument. + +--- a/modules/http/http_protocol.c ++++ b/modules/http/http_protocol.c +@@ -1531,7 +1531,7 @@ AP_DECLARE(void) ap_send_error_response( + /* can't count on a charset filter being in place here, + * so do ebcdic->ascii translation explicitly (if needed) + */ +- ++/* + ap_rvputs_proto_in_ascii(r, + DOCTYPE_HTML_2_0 + "\n", title, +@@ -1549,7 +1549,7 @@ AP_DECLARE(void) ap_send_error_response( + "ErrorDocument to handle the request.</p>\n", NULL); + } + ap_rvputs_proto_in_ascii(r, ap_psignature("<hr>\n", r), NULL); +- ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL); ++ ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL);*/ + } + ap_finalize_request_protocol(r); + }