PQ80104: FORBIDDEN ERROR RETURNED TO THE BROWSER IF SSL DIRECTIVES SUCH AS SSLCIPHERBAN ARE CONFIGURED IN <LOCATION /*> CONTAINER

 A fix is available

PQ85834; 2.0.47,2.0.42,2.0.42.1,2.0.42.2: GSKit vulnerability and cumulative fix



APAR status
Closed as program error.

Error description
The customer configured these directives in the global scope of
IHS 2.0.42.2 on AIX:
.
<Location /*>
   SSLCipherBan 30
   SSLCipherBan 31
   SSLCipherBan 32
   SSLCipherBan 33
   SSLCipherBan 36
   SSLCipherBan 39
   SSLCipherBan 24
   SSLCipherBan 22
   SSLCipherBan 26
   SSLCipherBan 62
   SSLCipherBan 64
</Location>
.
The customer also configured a non-SSL VirtualHost in IHS, such
as:
<VirtualHost 9.27.40.29:6020>
ServerName slavic.raleigh.ibm.com
</VirtualHost>
.
When the customer tried to access this VirtualHost, a "Forbidden"
error was returned to the browser.
This is a defect because SSL directives in the global scope
prevented the non-SSL VirtualHost from functioning properly.

Local fix
The workaround is to use the <Location *> directive in the global
scope instead of <Location /*>.

Problem summary
A flag was not being set properly in the SSL directory structure, which
causes a Forbidden response when the server is accessed non-securely and
SSL directives are present in a directory/location container in
global scope.
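
The condition in the problem summary can be checked for in an existing configuration. The following is an added example, not IBM's code: a small Python audit that reports SSL directives inside global-scope <Location>/<Directory> containers and lists virtual hosts that never set SSLEnable. Matching on the "SSL" name prefix, treating a missing SSLEnable as non-SSL, and the sample configuration (the APAR's snippets plus a constructed *:443 host) are assumptions.

```python
import re

# Constructed sample: the first two blocks follow this APAR's configuration;
# the SSL-enabled *:443 virtual host is an assumption added for contrast.
SAMPLE_CONF = """\
<Location /*>
   SSLCipherBan 30
   SSLCipherBan 31
</Location>
<VirtualHost 9.27.40.29:6020>
ServerName slavic.raleigh.ibm.com
</VirtualHost>
<VirtualHost *:443>
SSLEnable
<Location /secure>
   SSLCipherBan 62
</Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"</\s*(\w+)\s*>$")

def audit(conf_text):
    """Return (findings, non_ssl_vhosts). A finding is an SSL* directive in a
    global-scope <Location>/<Directory>; <Location *>, the APAR's local fix,
    is not reported. non_ssl_vhosts are <VirtualHost>s without SSLEnable."""
    stack, findings, vhosts = [], [], {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif m := OPEN.match(line):
            stack.append((m.group(1).lower(), m.group(2), line))
            if stack[-1][0] == "virtualhost":
                vhosts[m.group(2)] = False
        else:
            name = line.split()[0].lower()
            vhost = next((a for n, a, _ in stack if n == "virtualhost"), None)
            if name == "sslenable" and vhost is not None:
                vhosts[vhost] = True
            elif (name.startswith("ssl") and vhost is None and stack and
                  stack[-1][0] in ("location", "directory") and stack[-1][1] != "*"):
                findings.append((no, stack[-1][2], line.split()[0]))
    return findings, [v for v, ssl in vhosts.items() if not ssl]
```

A server at an affected level is exposed when both returned lists are non-empty; on the sample, audit(SAMPLE_CONF) reports lines 2 and 3 and the 9.27.40.29:6020 host.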

Problem conclusion
The flag in the directory structure was set properly.

Temporary fix

Comments

APAR information
APAR number PQ80104
Reported component name WAS HTTP SERVER
Reported component ID 5630A3603
Reported release 00A
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-10-27
Closed date 2003-10-28
Last modified date 2003-11-19

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
MOD_IBM_SSL

Publications Referenced

Fix information
Fixed component name WAS HTTP SERVER
Fixed component ID 5630A3603

Applicable component levels
R00W PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 00A
Software edition:
Reference #: PQ80104
IBM Group: Software Group
Modified date: Nov 19, 2003