search cancel

HTTP 500 server error returned while posting request without HOST header to Apache webserver.


Article ID: 52139


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Policy Server : 6.0 SP4
Webagent : 6QMR4 CR009
Web Server : HP-UX Apache Server/2.0.52 on HP-UX B.11.11

Webagent logged HTTP 500 server error: 10-0004 while Servlet is accessing (POST by HTTP/1.0) the Apache resources, however Servlet can successfully retrieve the same resource resides under SunOne webserver.

Exiting with HTTP 500 server error: 10-0004
This error is triggered when an empty/missing host header is sent to the webserver/agent.

The issue is related to the request without HOST header that passed from the client (Java Servlet) to the webserver. Different webserver handles request differently.

For Apache, it heavily uses Name Based virtualhosts, thus it requires HTTP_HOST header. According to the code analysis on Webagent HTTP plugin, Apache HTTP Filter will return SmFailure if the request has HTTP_HOST header value of null or zero size in length.

For SunOne, it accepts requests with or without HOST header.

Furthermore, different webservers also exhibit different behaviours with webagent enabled/disabled while processing requests without HOST header. Followings are the testing results:

  1. Web Agent disabled:
    IIS = HTTP 400 Bad RequestSunOne = HTTP 200 OKApache = HTTP 200 OK
  2. Web Agent enabled:
    IIS = HTTP 400 Bad RequestSunOne = HTTP 200 OKApache = HTTP 500 Server Error


Please ensure that the client pass a full-request to the webserver to avoid the error.


Component: SMAPC