[pkg-lighttpd] Bug#802680: lighttpd: server.error-handler-404 broken, returns status code 200

Jonathan Dowland jmtd at debian.org
Thu Oct 22 15:12:06 UTC 2015

Package: lighttpd
Version: 1.4.35-4
Severity: important

When using:

	server.error-handler-404 = "/404/"

The resulting page is being returned with status 200.

A related problem was fixed upstream in 1.4.17[1], but that was for when the handler
was a dynamic page; in my case I'm trying to serve a static page. The page is actually
served so I know the directive is being honoured; but it's definitely being returned
as HTTP 200.

[1] http://redmine.lighttpd.net/projects/1/wiki/Server_error-handler-404Details

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.18.5-x86_64-linode52 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lighttpd depends on:
ii  init-system-helpers         1.22
ii  libattr1                    1:2.4.47-2
ii  libbz2-1.0                  1.0.6-7+b3
ii  libc6                       2.19-18+deb8u1
ii  libfam0                     2.7.0-17.1
ii  libldap-2.4-2               2.4.40+dfsg-1+deb8u1
ii  libpcre3                    2:8.35-3.3
ii  libssl1.0.0                 1.0.1k-3+deb8u1
ii  libterm-readline-perl-perl  1.0303-1
ii  lsb-base                    4.1+Debian13+nmu1
ii  mime-support                3.58
ii  perl                        5.20.2-3+deb8u1
ii  systemd                     215-17+deb8u2
ii  zlib1g                      1:1.2.8.dfsg-2+b1

Versions of packages lighttpd recommends:
pn  spawn-fcgi  <none>

Versions of packages lighttpd suggests:
ii  apache2-utils  2.4.10-10+deb8u3
ii  openssl        1.0.1k-3+deb8u1
pn  rrdtool        <none>

-- Configuration Files:
/etc/lighttpd/conf-available/10-ssl.conf changed:
$SERVER["socket"] == "XXXXXXXXXXXXXX:443" {
	ssl.engine  = "enable"
	ssl.pemfile = "/etc/lighttpd/server.pem"
	ssl.ca-file = "/etc/ssl/private/XXXXXXXXXXX/sub.class1.server.sha2.ca.pem"
	ssl.use-sslv2 = "disable"
	ssl.use-sslv3 = "disable"
	ssl.cipher-list = "AES128+EECDH:AES128+EDH:ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!eNULL:!EDH:!AESGCM:!EXPORT:!DES"
	ssl.honor-cipher-order = "enable"
	ssl.use-compression = "disable" # CRIME attack

/etc/lighttpd/lighttpd.conf changed:
server.modules = (
server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.allowed-encodings  = ("gzip", "deflate") 
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/home/jon/etc/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
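
A client-side check for the symptom reported above, as an added example that is not part of the original bug report: it requests random paths that cannot exist and flags any 2xx answer as a soft 404. The local stand-in server, `check_stand_in` and the other names are constructed for illustration; `probe_missing` can be pointed at a real host instead.

```python
import http.client
import threading
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_handler(missing_status):
    # Constructed stand-in for the web server: "/" exists, every other path
    # gets the custom error page with the status code under test.
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            found = self.path == "/"
            body = b"home\n" if found else b"<h1>Page not found</h1>\n"
            self.send_response(200 if found else missing_status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the stand-in quiet
            pass
    return Handler

def probe_missing(host, port, probes=3):
    """GET random paths that cannot exist; return the status codes seen."""
    statuses = []
    for _ in range(probes):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", "/" + uuid.uuid4().hex)
            resp = conn.getresponse()
            resp.read()
            statuses.append(resp.status)
        finally:
            conn.close()
    return statuses

def verdict(statuses):
    # Any success code for a nonexistent resource means the error page
    # is being served as if it were real content.
    if any(200 <= s < 300 for s in statuses):
        return "soft-404"
    return "ok" if all(s in (404, 410) for s in statuses) else "unexpected"

def check_stand_in(missing_status):
    server = HTTPServer(("127.0.0.1", 0), make_handler(missing_status))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return verdict(probe_missing("127.0.0.1", server.server_address[1]))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(check_stand_in(200), check_stand_in(404))
```

Random probe paths matter here: a fixed test path can be cached or special-cased, while a fresh one exercises the error handler each time.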

