All sites with error 412 Misdirected Request DirectAdmin and CloudLinux

[Marks]

All the sites on my server are experiencing this error. This is the first time this has happened to me in 12 years of working.

Can anyone help me?

 

[Marks]

DirectAdmin Support:

Hello,The problem is related to new Apache version 2.4.64 + Nginx configuration (nginx_apache).We already have the report to our developers to check it closer and get fixed ASAP.Using Apache 2.4.63 + Nginx works fine.Thank you.

Custom Build > Versions > Apache > Manually set version 2.4.63

 

[webroxau]

I reported this early on - it was issue with 2.4.64 Apache and nginx_apache webserver but apache webserver appears to work ok.

I temporarily worked around it for a couple of sites running through Cloudflare by changing the SSL encryption mode to Flexible which works but then all communication between your server and cloudflare is done over http instead of https.

I also rolled back to 2.4.63 until it can get sorted.

 

[webroxau]

Not just DA

https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request

 

[anas_xrt]

@webroxau @Marks Refer to https://docs.directadmin.com/changelog/version-1.680.html#software-version-changes

if you use custom nginx_apache, you would need to add as example here and do "da build rewrite_confs"

 location /
        {
|CUSTOM2|
                # access_log off;
                proxy_buffering |PROXY_BUFFERING|;
                proxy_pass http://|PROXY_IP|:|PORT_8080|;
                proxy_set_header X-Client-IP      $remote_addr;
                proxy_set_header X-Accel-Internal /nginx_static_files;
                proxy_set_header Host             $host;
                proxy_ssl_name $host;                       #<------add this 2 lines
                proxy_ssl_server_name on;                #<------add this 2 lines
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_hide_header Upgrade;
        }
        location /nginx_static_files/
        {
                # access_log  /var/log/nginx/access_log_proxy;
                alias       |DOCROOT|/;
                internal;
        }

 

[Namhost]

Possible solutions:

- Try To Downgrade Apache (If you run Apache Only with 3rd party Proxies like ImunifyAV): https://docs.directadmin.com/custombuild/upgrading-services.html#override-single-package-version

For CloudFlare CDN sites:

As a temporary workaround, set any affected Domains to "DNS Only" and disable the encryption mode to use the SSL directly installed in cPanel rather than using Cloudflare's SSL.

https://developers.cloudflare.com/dns/proxy-status/ - Has more information on these configurations.

 

[nlaruelle]

It was not explicitly stated that 2.4.65 fixes the 421 error issue, so I made the test.

I would like to report that updating Apache from 2.4.63 to 2.4.65 (through DirectAdmin custombuild) still leads to the error **421 Misdirected Request** – The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.

This is at least the case for Cloudflare users… not tested with BunnyCDN.

I do not use nginx_apache, and CloudLinux + Imunify360 are in use.

 

[Namhost]

It sounds like the Apache team is not going to undo their changes. Instead, proxy servers now need to implement the necessary changes to accommodate Apache's new changes.

cPanel has already done so to adapt the required changes:

- https://support.cpanel.net/hc/en-us...83-Apache-2-4-65-Update-and-Reverse-Proxy-421
- https://support.cpanel.net/hc/en-us...ites-Displaying-421-Misdirected-Request-Error

 

[nlaruelle]

Providers should at least have a parameter setting to allow to set the SNI checking to "Off" if they want, and being able to do the other (security and performance) updates again, it think.

 

[Ohm J]

Currently no native support option for Apache.
It's enforce filter.