I suspect the priginal poster did in fact upgrade apache : they meniion "8.7 update", which I suspect means moving from 2.4.58-1ubuntu8.6 to 2.4.58-1ubuntu8.7 which was released a couple of days ago for Ubuntu 24.04:
https://ubuntu.com/security/notices/USN-7639-1
That update led to me seeing 421 "misdirected request" HTTP responses in xymon until we enabled SNI.
Minor correction to Jeremy's post: note that the xymonnet docs say that the flag to add (if updaating the xymonnet entry in tasks.cfg) is --sni=on , not just --sni.
To the original poster: you need to be aware that the http/https tests in xymon, along with a range of other network-related tests, are performed by the xymonnet command line tool:
https://xymon.sourceforge.io/xymon/help/manpages/man1/xymonnet.1.html
so using tools like wget will potentially give different responses. For example, SNI (server name indication) was added to wget in 2012 https://savannah.gnu.org/forum/forum.php?forum_id=7323 , and seems to be enabled by default with no option to disable it.
To see the effect of running xymonnet with and without sni,
/usr/lib/xymon/server/bin/xymonnet --no-update server.example.com
/usr/lib/xymon/server/bin/xymonnet --no-update --sni=on server.example.com
where server.example.com is the name of a host in your hosts.cfg that has an https test configured. (--no-update will print the test output to stdout rather than sending the report to your xymon server)
Adam
On 19/07/2025 10:38, Jeremy Laidman wrote:
Hi
This is quite possibly to do with SNI, where the webserver is unable to match a certificate to the request. Try adding "sni" to the hosts.cfg entry, or add "--sni" to the xymonnet parameters in tasks.cfg.
Apparently this is happening all over the place in the past few days, triggered by a patch by the Apache foundation for a CVE related to improper SNI handling. Could be a coincidence, given that you didn't upgrade Apache. But the symptoms appear to be the same.
Cheers Jeremy
On Sat, 19 Jul 2025 at 15:47, <betsys@well.com <mailto:betsys@well.com>> wrote:
We have an https test which started erroring when the target host auto-updated from ubuntu 8.6 to 8.7____ Anyone seeing anything like this?____ __ __ Apache version hasn’t changed , 2.4.58, although packages are re- installed with 8.7 versions____ Searching for “Misdirected request” brings up issues with multi- name certs but target cert is just for the one hostname, no SAN no wildcard. ____ __ __ Tried the various things like httpsc, httpsm, httpsh, no joy. ____ If I limit to http the test is green . I can wget the https page from the xymon host____ The SSL cert test has stayed green uninterrupted. ____ __ __ Ran the site past Qualys SSL test (external IP) and testssl (internal) with nothing much interesting. ____ Thanks for any clues. ____ __ __ --____ Hosts.cfg line:____ 172.30.0.202 dokuwiki.example.com <https:// eur03.safelinks.protection.outlook.com/? url=http%3A%2F%2Fdokuwiki.example.com%2F&data=05%7C02%7Calt36%40universityofcambridgecloud.onmicrosoft.com%7C86af66e17f6340211dc108ddc6a81856%7C49a50445bdfa4b79ade3547b4f3986e9%7C1%7C0%7C638885147590690672%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=TcXvkcWmJYON2HsT1qH2MLhGi0Q%2FDOWKGr3TGpvrMT4%3D&reserved=0> #https://dokuwiki.example.com <https://dokuwiki.example.com/>> ---____ __ __ Yesterday:____ __ __ Fri Jul 11 14:41:35 2025: OK____ green https://dokuwiki.example.com/ <https:// eur03.safelinks.protection.outlook.com/? url=https%3A%2F%2Fdokuwiki.example.com%2F&data=05%7C02%7Calt36%40universityofcambridgecloud.onmicrosoft.com%7C86af66e17f6340211dc108ddc6a81856%7C49a50445bdfa4b79ade3547b4f3986e9%7C1%7C0%7C638885147590725788%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=Z8rpHj2lB0Ume4CkTwWgbhKxCWbuy1c0jYS9zbgkYXw%3D&reserved=0> - OK____ __ __ HTTP/1.1 302 Found____ Date: Fri, 11 Jul 2025 21:41:35 GMT____ Server: Apache/2.4.58 (Ubuntu)____ Vary: Cookie____ Set-Cookie: DokuWiki=57e8op63npgj2ehl99rp99n1s1; path=/; secure; HttpOnly; SameSite=Lax____ Expires: Thu, 19 Nov 1981 08:52:00 GMT____ Cache-Control: no-store, no-cache, must-revalidate____ Pragma: no-cache____ Set-Cookie: DW7fa065a06cb74b536c124cfbe56ac6d3=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly; SameSite=Lax____ Location: /doku.php?id=start____ Content-Length: 0____ Connection: close____ Content-Type: text/html; charset=UTF-8____ __ __ Seconds: 0.017766000____ __ __ -- ____ __ __ --____ Today (showing http and https):____ __ __ Fri Jul 18 22:42:49 2025: Misdirected Request ; OK____ __ __ red https://dokuwiki.example.com/ <https:// eur03.safelinks.protection.outlook.com/? url=https%3A%2F%2Fdokuwiki.example.com%2F&data=05%7C02%7Calt36%40universityofcambridgecloud.onmicrosoft.com%7C86af66e17f6340211dc108ddc6a81856%7C49a50445bdfa4b79ade3547b4f3986e9%7C1%7C0%7C638885147590738647%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=UoieKz2slmEzjyoEsgk5cKrz63YttdbWRQbG4Fz%2BrM4%3D&reserved=0> - Misdirected Request____ __ __ HTTP/1.1 421 Misdirected Request____ Date: Sat, 19 Jul 2025 05:42:49 GMT____ Server: Apache/2.4.58 (Ubuntu)____ Content-Length: 402____ Connection: close____ Content-Type: text/html; charset=iso-8859-1____ __ __ Seconds: 0.031074000____ __ __ green http://dokuwiki.example.com/ <https:// eur03.safelinks.protection.outlook.com/? url=http%3A%2F%2Fdokuwiki.example.com%2F&data=05%7C02%7Calt36%40universityofcambridgecloud.onmicrosoft.com%7C86af66e17f6340211dc108ddc6a81856%7C49a50445bdfa4b79ade3547b4f3986e9%7C1%7C0%7C638885147590752209%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=X5QR6bOUgroMGuoyS%2FCj%2Bvefn3O%2F6DOoSneb0oyfVdw%3D&reserved=0> - OK____ __ __ HTTP/1.1 302 Found____ Date: Sat, 19 Jul 2025 05:42:49 GMT____ Server: Apache/2.4.58 (Ubuntu)____ Location: https://dokuwiki.example.com/ <https:// eur03.safelinks.protection.outlook.com/? url=https%3A%2F%2Fdokuwiki.example.com%2F&data=05%7C02%7Calt36%40universityofcambridgecloud.onmicrosoft.com%7C86af66e17f6340211dc108ddc6a81856%7C49a50445bdfa4b79ade3547b4f3986e9%7C1%7C0%7C638885147590765144%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=NAUIfFyRXdqcmyxugQLJvRwRdacHgIkupOV8s9o9Bk4%3D&reserved=0>____ Content-Length: 285____ Connection: close____ Content-Type: text/html; charset=iso-8859-1____ __ __ Seconds: 0.015943000____ _______________________________________________ Xymon mailing list -- xymon@xymon.com <mailto:xymon@xymon.com> To unsubscribe send an email to xymon-leave@xymon.com <mailto:xymon- leave@xymon.com>
Xymon mailing list -- xymon@xymon.com To unsubscribe send an email to xymon-leave@xymon.com