Provide a hint when we see what looks like an SSL record when we're

author Eric Covener <covener@apache.org>

Sat, 31 Jan 2009 21:16:51 +0000 (21:16 +0000)

committer Eric Covener <covener@apache.org>

Sat, 31 Jan 2009 21:16:51 +0000 (21:16 +0000)
author Eric Covener <covener@apache.org>
Sat, 31 Jan 2009 21:16:51 +0000 (21:16 +0000)
committer Eric Covener <covener@apache.org>
Sat, 31 Jan 2009 21:16:51 +0000 (21:16 +0000)
diff --git a/server/core.c b/server/core.c

index 257b516a704ee88227d7f02032b1d067679cc468..e10c1410293fa4925b1ef85351446d0dfb38c8bb 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -3673,8 +3673,19 @@ static int default_handler(request_rec *r)
      }
      else {              /* unusual method (not GET or POST) */
          if (r->method_number == M_INVALID) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "Invalid method in request %s", r->the_request);
+            /* See if this looks like an undecrypted SSL handshake attempt.
+             * It's safe to look a couple bytes into the_request if it exists, as it's
+             * always allocated at least MIN_LINE_ALLOC (80) bytes.
+             */
+            if (r->the_request
+                && r->the_request[0] == 0x16                                
+                && (r->the_request[1] == 0x2 || r->the_request[1] == 0x3)) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s - possible attempt to establish SSL connection on non-SSL port", r->the_request);
+            } else {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s", r->the_request);
+            }
              return HTTP_NOT_IMPLEMENTED;
          }
author	Eric Covener <covener@apache.org>
	Sat, 31 Jan 2009 21:16:51 +0000 (21:16 +0000)
committer	Eric Covener <covener@apache.org>
	Sat, 31 Jan 2009 21:16:51 +0000 (21:16 +0000)