Bad Request Your browser sent a request that this server could not understand.
This was caused in part by Fixed in Apache httpd 2.2.32 important: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)
One workaround was to add
HttpProtocolOptions Unsafe
to http-vhosts.conf for each host.
However, it would be better to send proper Http, see HttpProtocolOptions Directive.
Even with the above change, there were still problems.
One thing that was necessary was to edit include/mail.inc.php and modify mail_getAdminCookie() so that it properly found the cookie.
However, the problems continued where I was still getting a password request page. I ended up reverting the patch to httpd.
The problems still continued, where I was getting the password page.
I reverted my changes in ~www/php and the problem went away!
It turns out that in include/mail.inc.php:
/** Get an administration page via HTTP GET.
*/
function getAdminPage_get($fullURL, $cookie) {
$cookieName = $cookie['name'];
$cookieValue = $cookie['value'];
$text = "";
$fp = fsockopen($_SERVER['SERVER_NAME'], 80, $errno, $errstr);
if(!$fp) {
/* FIXME: better error handling needed */
echo "Connect to ${_SERVER['SERVER_NAME']} failed
n";
echo "$errstr ($errno)
n";
} else {
/* Initialize the remote filename, then get the contents. */
fputs($fp, "GET $fullURL HTTP/1.0n");
I modified the last fputs to be
fputs($fp, "GET $fullURL HTTP/1.0rnrn");
and the problems came back.
The next step is to try the patch again.
To update without updating httpd:
yum update --exclude httpd* --exclude mod_ssl*