we have a few requests randomly occurring with these errors:
[Tue Nov 21 05:10:34 2017] [warn] [client XX.XX.XX.XX] mod_fcgid: can't init env request header, referer: https://example.com/
[Tue Nov 21 05:10:34 2017] [warn] [client XX.XX.XX.XX] mod_fcgid: can't build begin or env request, referer: https://example.com/
The browser seems to then return an HTTP 500 error see access log below. We are not able to reproduce this, even when sending the same request from same browser. So we suspect that a very few users seem to be sending specific headers that are causing this problem.
In the access log, such failed requests look like this:
host.example.com XX.XX.XX.XX - - [21/Nov/2017:05:10:34 +0100] "GET /test.php?xxxxx HTTP/1.1" 500 343 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0"
They seem to be mainly coming from Firefox 56 and Firefox 57 users so far. The GET request is quite long as there are about 40K on URL parameters. This is why set these options:
LimitRequestLine 100000
LimitRequestFieldSize 100000
FcgidMaxRequestsPerProcess 3000
FcgidBusyTimeout 900
FcgidIOTimeout 900
FcgidOutputBufferSize 131072
FcgidMaxRequestInMem 524288
FcgidMaxRequestLen 1073741824
FcgidMaxProcesses 30
FcgidMaxProcessesPerClass 30
Unfortunately, there is not much to find about this error. Some suggest it may be related to mod_security which is not activated here. The request is supposed to go to PHP 7.
Does anyone have an idea on what could cause this?
We are using Apache 2.2.32 on Debian. Server MPM: Worker
