All sites with error 412 Misdirected Request DirectAdmin and CloudLinux

Marks

Verified User
Joined
Jul 13, 2019
Messages
131
1752581269144.png


All the sites on my server are experiencing this error. This is the first time this has happened to me in 12 years of working.

Can anyone help me?
 
DirectAdmin Support:

Hello,The problem is related to new Apache version 2.4.64 + Nginx configuration (nginx_apache).We already have the report to our developers to check it closer and get fixed ASAP.Using Apache 2.4.63 + Nginx works fine.Thank you.

Custom Build > Versions > Apache > Manually set version 2.4.63
 
I reported this early on - it was issue with 2.4.64 Apache and nginx_apache webserver but apache webserver appears to work ok.

I temporarily worked around it for a couple of sites running through Cloudflare by changing the SSL encryption mode to Flexible which works but then all communication between your server and cloudflare is done over http instead of https.

I also rolled back to 2.4.63 until it can get sorted.
 
@webroxau @Marks Refer to https://docs.directadmin.com/changelog/version-1.680.html#software-version-changes

if you use custom nginx_apache, you would need to add as example here and do "da build rewrite_confs"

NGINX:
 location /
        {
|CUSTOM2|
                # access_log off;
                proxy_buffering |PROXY_BUFFERING|;
                proxy_pass http://|PROXY_IP|:|PORT_8080|;
                proxy_set_header X-Client-IP      $remote_addr;
                proxy_set_header X-Accel-Internal /nginx_static_files;
                proxy_set_header Host             $host;
                proxy_ssl_name $host;                       #<------add this 2 lines
                proxy_ssl_server_name on;                #<------add this 2 lines
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_hide_header Upgrade;
        }
        location /nginx_static_files/
        {
                # access_log  /var/log/nginx/access_log_proxy;
                alias       |DOCROOT|/;
                internal;
        }
 
Possible solutions:

- Try To Downgrade Apache (If you run Apache Only with 3rd party Proxies like ImunifyAV): https://docs.directadmin.com/custombuild/upgrading-services.html#override-single-package-version

For CloudFlare CDN sites:

As a temporary workaround, set any affected Domains to "DNS Only" and disable the encryption mode to use the SSL directly installed in cPanel rather than using Cloudflare's SSL.

https://developers.cloudflare.com/dns/proxy-status/ - Has more information on these configurations.
 
It was not explicitly stated that 2.4.65 fixes the 421 error issue, so I made the test.

I would like to report that updating Apache from 2.4.63 to 2.4.65 (through DirectAdmin custombuild) still leads to the error **421 Misdirected Request** – The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.

This is at least the case for Cloudflare users… not tested with BunnyCDN.

I do not use nginx_apache, and CloudLinux + Imunify360 are in use.
 

Attachments

  • apache-update-custom-build.png
    apache-update-custom-build.png
    278.2 KB · Views: 51
  • 421-misredirect-error.png
    421-misredirect-error.png
    24 KB · Views: 57
Providers should at least have a parameter setting to allow to set the SNI checking to "Off" if they want, and being able to do the other (security and performance) updates again, it think.
 
We have this on a server that doesn't run Immunify or Cloudlinux and had to downgrade to Apache .63. We do have the lines mentioned by @anas_xrt but that didn't do much for us.
 
We have this on a server that doesn't run Immunify or Cloudlinux and had to downgrade to Apache .63. We do have the lines mentioned by @anas_xrt but that didn't do much for us.

Yes! CloudLinux confirmed to me that, at least with DirectAdmin (and CustomBuild), there is nothing related to CloudLinux here.

It seems that these behaviors are now expected from Apache and other providers, and we will be stuck at Apache 2.4.63 until all the CDNs of the world update their functionality, as we cannot afford to let end-users experience such errors with some CDN.

@ju5t the website where you see the error uses a CDN, right? Which one? I experienced the error with both Cloudflare and Bunny.
 
Maybe offtopic, but had the same problem. No CDN, No nginx-proxy.
The problem was in our monitoring-software (nagios) the check_http was used with --ssl but should have: --ssl --sni.
 
Back
Top