HTTP 500 server error returned while posting request without HOST header to Apache webserver.

book

Article ID: 52139

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Policy Server : 6.0 SP4
Webagent : 6QMR4 CR009
Web Server : HP-UX Apache Server/2.0.52 on HP-UX B.11.11

Webagent logged HTTP 500 server error: 10-0004 while Servlet is accessing (POST by HTTP/1.0) the Apache resources, however Servlet can successfully retrieve the same resource resides under SunOne webserver.

Exiting with HTTP 500 server error: 10-0004
--------------------------------------------
This error is triggered when an empty/missing host header is sent to the webserver/agent.

The issue is related to the request without HOST header that passed from the client (Java Servlet) to the webserver. Different webserver handles request differently.

For Apache, it heavily uses Name Based virtualhosts, thus it requires HTTP_HOST header. According to the code analysis on Webagent HTTP plugin, Apache HTTP Filter will return SmFailure if the request has HTTP_HOST header value of null or zero size in length.

For SunOne, it accepts requests with or without HOST header.

Furthermore, different webservers also exhibit different behaviours with webagent enabled/disabled while processing requests without HOST header. Followings are the testing results:

  1. Web Agent disabled:
    IIS = HTTP 400 Bad RequestSunOne = HTTP 200 OKApache = HTTP 200 OK
  2. Web Agent enabled:
    IIS = HTTP 400 Bad RequestSunOne = HTTP 200 OKApache = HTTP 500 Server Error

Solution:

Please ensure that the client pass a full-request to the webserver to avoid the error.

Environment

Release:
Component: SMAPC