Odd error during message approval
![](https://secure.gravatar.com/avatar/8a24d0fcf13347755847334aaa969476.jpg?s=120&d=mm&r=g)
One of our list moderators got the following website error after trying to approve a posting to a moderated list:
"Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit."
Someone else was able to approve the same message after she logged in to the pending requests page.
I could not find any reference to this web server rotor in /various/log/httpd/error_log or ssl_error_log
Where does Mailman log it’s http errors and what could cause this error?
(I checked the /var/log/mailman logs and did not find anything either.)
(Running V 2.1.30 on Rocky Linux, 8.10, installed via the distro packages )
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
![](https://secure.gravatar.com/avatar/8a24d0fcf13347755847334aaa969476.jpg?s=120&d=mm&r=g)
On Oct 1, 2024, at 11:43 AM, Johnson, Bruce E - (bjohnson) <bjohnson@arizona.edu> wrote:
I could not find any reference to this web server rotor in /various/log/httpd/error_log or ssl_error_log
That should be ‘web server rotor in /var/log/httpd/error_log', damn you autoincorrect!
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 10/1/24 11:43, Johnson, Bruce E - (bjohnson) wrote:
Where does Mailman log it’s http errors and what could cause this error?
I seriously doubt that this request got to Mailman or even to Django. It looks like the error came from the web server. Can you find the request in other web server logs - maybe some access_log.
Mailman may have an access_log and error_log in it's var/logs/ directory (or wherever it keeps its logs.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/8a24d0fcf13347755847334aaa969476.jpg?s=120&d=mm&r=g)
On Oct 1, 2024, at 8:25 PM, Mark Sapiro <mark@msapiro.net> wrote:
External Email
On 10/1/24 11:43, Johnson, Bruce E - (bjohnson) wrote:
Where does Mailman log it’s http errors and what could cause this error?
I seriously doubt that this request got to Mailman or even to Django. It looks like the error came from the web server. Can you find the request in other web server logs - maybe some access_log.
Mailman may have an access_log and error_log in it's var/logs/ directory (or wherever it keeps its logs.
This is Mailman2 so not Django (I think) .
The error WAS from the web server, but while her address shows in the access logs, it does not in the error logs. There seems nothing unusual in the access_log or ssl_request_log for her IP address on the date and approximate time.
She’s told me it ‘occasionally happens’ but doesn’t seem connected to any thing other than approving a message (but that is the only time she ever interfaces with the Mailman web server) there are the normal access log entries for it,
Nothing in the actual https error logs than the usual stuff like "AH00126: Invalid URI in request GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1” kind of script-kiddie-like stuff, mostly from our on-campus Nessus scanning, or CISA scanning for vulnerable hosts, and nothing around the time that she got this error
It’s very odd. I’ve requested that she let me know immediately the next time it happens so I can get more accurate timing.
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 10/2/24 09:19, Johnson, Bruce E - (bjohnson) wrote:
This is Mailman2 so not Django (I think) .
Yes, I didn't pay adequate attention to which list this is.
The error WAS from the web server, but while her address shows in the access logs, it does not in the error logs. There seems nothing unusual in the access_log or ssl_request_log for her IP address on the date and approximate time.
She’s told me it ‘occasionally happens’ but doesn’t seem connected to any thing other than approving a message (but that is the only time she ever interfaces with the Mailman web server) there are the normal access log entries for it,
I'm guessing that Mailman is not directly involved. It is possible that something in the form generated by Mailman's admindb module is a contributing factor or possibly just some entry in the form, but barring that, the issue seems to be just between the browser and the web server.
It’s very odd. I’ve requested that she let me know immediately the next time it happens so I can get more accurate timing.
Your OP mentions rotor
. Is there a screen reader involved?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/8a24d0fcf13347755847334aaa969476.jpg?s=120&d=mm&r=g)
On Oct 1, 2024, at 11:43 AM, Johnson, Bruce E - (bjohnson) <bjohnson@arizona.edu> wrote:
I could not find any reference to this web server rotor in /various/log/httpd/error_log or ssl_error_log
That should be ‘web server rotor in /var/log/httpd/error_log', damn you autoincorrect!
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 10/1/24 11:43, Johnson, Bruce E - (bjohnson) wrote:
Where does Mailman log it’s http errors and what could cause this error?
I seriously doubt that this request got to Mailman or even to Django. It looks like the error came from the web server. Can you find the request in other web server logs - maybe some access_log.
Mailman may have an access_log and error_log in it's var/logs/ directory (or wherever it keeps its logs.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/8a24d0fcf13347755847334aaa969476.jpg?s=120&d=mm&r=g)
On Oct 1, 2024, at 8:25 PM, Mark Sapiro <mark@msapiro.net> wrote:
External Email
On 10/1/24 11:43, Johnson, Bruce E - (bjohnson) wrote:
Where does Mailman log it’s http errors and what could cause this error?
I seriously doubt that this request got to Mailman or even to Django. It looks like the error came from the web server. Can you find the request in other web server logs - maybe some access_log.
Mailman may have an access_log and error_log in it's var/logs/ directory (or wherever it keeps its logs.
This is Mailman2 so not Django (I think) .
The error WAS from the web server, but while her address shows in the access logs, it does not in the error logs. There seems nothing unusual in the access_log or ssl_request_log for her IP address on the date and approximate time.
She’s told me it ‘occasionally happens’ but doesn’t seem connected to any thing other than approving a message (but that is the only time she ever interfaces with the Mailman web server) there are the normal access log entries for it,
Nothing in the actual https error logs than the usual stuff like "AH00126: Invalid URI in request GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1” kind of script-kiddie-like stuff, mostly from our on-campus Nessus scanning, or CISA scanning for vulnerable hosts, and nothing around the time that she got this error
It’s very odd. I’ve requested that she let me know immediately the next time it happens so I can get more accurate timing.
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 10/2/24 09:19, Johnson, Bruce E - (bjohnson) wrote:
This is Mailman2 so not Django (I think) .
Yes, I didn't pay adequate attention to which list this is.
The error WAS from the web server, but while her address shows in the access logs, it does not in the error logs. There seems nothing unusual in the access_log or ssl_request_log for her IP address on the date and approximate time.
She’s told me it ‘occasionally happens’ but doesn’t seem connected to any thing other than approving a message (but that is the only time she ever interfaces with the Mailman web server) there are the normal access log entries for it,
I'm guessing that Mailman is not directly involved. It is possible that something in the form generated by Mailman's admindb module is a contributing factor or possibly just some entry in the form, but barring that, the issue seems to be just between the browser and the web server.
It’s very odd. I’ve requested that she let me know immediately the next time it happens so I can get more accurate timing.
Your OP mentions rotor
. Is there a screen reader involved?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Johnson, Bruce E - (bjohnson)
-
Mark Sapiro