Malformed requests

From ATI Chennai IT and ITES Wiki

Jump to: navigation, search


Malformed GET Requests

You are testing your SSL certificate on port 443 and your browser displays this message:

Invalid method in request \x16\x03\x01

You may also see SSL_ERROR_RX_RECORD_TOO_LONG or " has sent an incorrect or unexpected message. Error Code: -12263".

You can try debugging the problem by telnetting to the server on port 443 and issuing a GET command:

# telnet 443
Connected to
Escape character is '^]'.

If you get back HTML then you know your server is speaking unencrypted HTTP on port 443, which is bad.

This error is due to a misconfiguration of VirtualHost with SSL. The server is trying to respond to a request on port 443 with unencrypted HTTP. In other words, your browser is expecting SSL, but the server is sending plain HTTP on port 443.

Typically your conf/httpd.conf file will include conf/extra/httpd-ssl.conf:

Include conf/extra/httpd-ssl.conf

The default httpd-ssl.conf file will have a section like this:

<VirtualHost _default_:443>

Almost certainly the problem is that your server is using this default or the server is not matching your virtual host's IP at all. For SSL to work you must match the virtual host by IP address not name. Named virtual host won't work with SSL.

could not bind to address

If you get this error on startup then it means that you have a configuration problem where the server is trying to listen on all interfaces on port 443 and you have told it to listen to port 443 on a specific interface.

Address already in use: make_sock: could not bind to address

Probably you have a section with a specific VirtualHost IP address conflicting with the _default_ VirtualHost. A section something like this "<VirtualHost>" cannot be used with the default section like this "<VirtualHost _default_:443>".

Stop logging internal dummy connection in Apache

IPv4 logs lines like: - - [07/May/2020:03:03:59 +0000] "OPTIONS * HTTP/1.0" 200 110 "-" "Apache/2.4.10 (Debian) (internal dummy connection)"

With IPv6 the log lines come from the IP address ::1 and will look similar to this:

::1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)"

Prevent logging for local requests

  • The simplest solution is to prevent logging for local requests.
  • Normally these would only be from the Apache server itself, unless you are doing something special which is requesting pages using the local IP address (i.e. ::1 or
  • Locate the logging section of your main Apache log file.
  • You’ll have an entry something along the lines of this, although the exact setting will vary depending on which operating system, distribution and version you are using, or any custom changes you have made:
CustomLog /var/log/apache2/access.log combined
  • Add this line for IPv4 style IP addresses for local connections (
SetEnvIf Remote_Addr "" dontlog

or this for IPv6 style IP addresses (::1):

SetEnvIf Remote_Addr "::1" dontlog

And then add env=!dontlog to the end of your logging line so it looks like this, using the same example as shown above:

CustomLog /var/log/apache2/access.log combined env=!dontlog

Now restart Apache and any local connections, including those internal dummy connection entries, will no longer be logged.


Personal tools