Troubleshooting httpd Configs

Mads Toftum was up early this morning, with several UserFriendly cartoons to keep us alive and awake, and lots of good tips for troubleshooting httpd config problems.

Getting right error message, getting sufficient information about a problem

You can always try to force it – there are very few personal problems that can’t
be solved by using dynamite! :-)

Backup, backup, backup!!!
Version control
.old, .older, .reallyold, .oldest
cp httpd.conf httpd.conf.`date’+%F_%H%M’`
inline copy/comment out

Browsers lie. [Ed. note - oh so much. All the time.]
Caching – try touching file, GETing again, checking Last-Modified:
Browser errors
IE – “DNS Error” = default “I’m not telling you what’s wrong, so nyeh” error
Serverside – generic errors

httpd -V
Find out where config file is living, where logs will be found, version, when
-V: show compile settings
-t: syntax check on config files – use this BEFORE you stop the old instance!
-l: list compiled-in modules
-L: list available config directives

telnet to port 80
GET / HTTP/1.0
HEAD / HTTP/1.0 -> mostly supported, gives just headers
Host: -> to test if things work, before DNS is set up/working

openssl s_client
Ala telnet, but wrapped in SSL
-showcerts -> dump server certs
-state -> how far it gets in the negotiation etc process
-reconnect -> test that you can reuse an old SSL connection

“I can’t connect” – firewall, no internet access, webserver not running
netstat -an (| grep LISTEN)
netstat -anp -inet (p = process listening, -inet gets rid of local sockets etc)

gdb, strace (use to diagnose errors while starting that never get to error log
etc – often opening the log file dir)/trace/truss/dtrace, tcpdump – web scraping proxy
Webdeveloper for Mozilla/FireFox

Always check the error log!
LogLevel: be careful about ‘debug’! Log files get big, fast.
Turn off RewriteLog in production – great for debugging though!

Connection errors – is the server even running/listening? ps, netstat, telnet
Did the request reach the server? tail -f accesslog, tcpdump
Protocol errors – openssl s_client

Startup errors – Always look in the error log
Socket already in use – check for duplicate Listen directives
Common problems: ServerName, non-existent log-file dir

404s – error log, access log
DocumentRoot pointing to the wrong place
Alias maps something to the wrong place
Redirects/ServerName/Rewrite problems
Relative vs Absolute paths!

403s – error log
“client denied by server configuration” – most common
httpd.conf – look for “Deny from”
“user xxx not found” – check password file – probably doesn’t exist!
“does not meet reqs for user/valid-user” – check Require valid-user/group/user

Scripting errors
500 Internal server error
Error log
./myscript – first line must be Content-type: xxx\n [Ed. note - clearly, the
script must also be runnable!]
suexec – is it enabled? Check log.

htaccess errors
Error log :-)
Syntax error in htaccess = internal server error
Check context
AllowOverride (echo “garbage” >> .htaccess should throw an internal server error
– otherwise, htaccess isn’t being used)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>