Xymon Mailing List Archive search

https "Misdirected request" monitoring after target ubuntu 8.7 update

list Adam Thorn
Sat, 19 Jul 2025 17:21:35 +0100
Message-Id: <user-523e8e8a5a3b@xymon.invalid>

I suspect the original poster did in fact upgrade Apache: they mention "8.7 update", which I suspect means moving from 2.4.58-1ubuntu8.6 to 2.4.58-1ubuntu8.7, which was released a couple of days ago for Ubuntu 24.04:

https://ubuntu.com/security/notices/USN-7639-1

That update led to me seeing 421 "misdirected request" HTTP responses in xymon until we enabled SNI.

Minor correction to Jeremy's post: note that the xymonnet docs say that the flag to add (if updating the xymonnet entry in tasks.cfg) is --sni=on, not just --sni.

To the original poster: you need to be aware that the http/https tests in xymon, along with a range of other network-related tests, are performed by the xymonnet command line tool:

https://xymon.sourceforge.io/xymon/help/manpages/man1/xymonnet.1.html

so using tools like wget will potentially give different responses. For example, SNI (server name indication) was added to wget in 2012 https://savannah.gnu.org/forum/forum.php?forum_id=7323 , and seems to be enabled by default with no option to disable it.

To see the effect of running xymonnet with and without sni,

/usr/lib/xymon/server/bin/xymonnet  --no-update server.example.com

/usr/lib/xymon/server/bin/xymonnet  --no-update --sni=on server.example.com

where server.example.com is the name of a host in your hosts.cfg that has an https test configured. (--no-update will print the test output to stdout rather than sending the report to your xymon server)

Adam

On 19/07/2025 10:38, Jeremy Laidman wrote:
Hi

This is quite possibly to do with SNI, where the webserver is unable to match a certificate to the request. Try adding "sni" to the hosts.cfg entry, or add "--sni" to the xymonnet parameters in tasks.cfg.

Apparently this is happening all over the place in the past few days, triggered by a patch by the Apache foundation for a CVE related to improper SNI handling. Could be a coincidence, given that you didn't upgrade Apache. But the symptoms appear to be the same.

Cheers
Jeremy

On Sat, 19 Jul 2025 at 15:47, <user-f098d492cd80@xymon.invalid> wrote:

    We have an https test which started erroring when the target host
    auto-updated from ubuntu 8.6 to 8.7

    Anyone seeing anything like this?

    Apache version hasn’t changed, 2.4.58, although packages are
    re-installed with 8.7 versions

    Searching for “Misdirected request” brings up issues with
    multi-name certs but target cert is just for the one hostname, no SAN no
    wildcard.

    Tried the various things like httpsc, httpsm, httpsh, no joy.

    If I limit to http the test is green. I can wget the https page
    from the xymon host

    The SSL cert test has stayed green uninterrupted.

    Ran the site past Qualys SSL test (external IP) and testssl
    (internal) with nothing much interesting.

    Thanks for any clues.


    Hosts.cfg line:

    172.30.0.202 dokuwiki.example.com #https://dokuwiki.example.com

    ---

    Yesterday:

    Fri Jul 11 14:41:35 2025: OK

    green https://dokuwiki.example.com/ - OK

    HTTP/1.1 302 Found
    Date: Fri, 11 Jul 2025 21:41:35 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Vary: Cookie
    Set-Cookie: DokuWiki=57e8op63npgj2ehl99rp99n1s1; path=/; secure; HttpOnly; SameSite=Lax
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Set-Cookie: DW7fa065a06cb74b536c124cfbe56ac6d3=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly; SameSite=Lax
    Location: /doku.php?id=start
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8

    Seconds: 0.017766000

    --


    Today (showing http and https):

    Fri Jul 18 22:42:49 2025: Misdirected Request ; OK

    red https://dokuwiki.example.com/ - Misdirected Request

    HTTP/1.1 421 Misdirected Request
    Date: Sat, 19 Jul 2025 05:42:49 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Content-Length: 402
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    Seconds: 0.031074000

    green http://dokuwiki.example.com/ - OK

    HTTP/1.1 302 Found
    Date: Sat, 19 Jul 2025 05:42:49 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Location: https://dokuwiki.example.com/
    Content-Length: 285
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    Seconds: 0.015943000
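
The with/without-SNI comparison discussed in this thread can also be reproduced outside xymonnet. The following is an added example, not part of any message in the thread and not Xymon code: the function names are hypothetical, and the sample response is abbreviated from the 421 output quoted above.

```python
import socket
import ssl
import sys

# Abbreviated from the 421 response quoted in the thread.
SAMPLE_421 = (b"HTTP/1.1 421 Misdirected Request\r\n"
              b"Server: Apache/2.4.58 (Ubuntu)\r\nConnection: close\r\n\r\n")

def parse_status(raw: bytes) -> int:
    """Return the status code of an HTTP/1.x response, or 0 if malformed."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ", 2)
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return 0

def probe(host: str, port: int = 443, sni: bool = True, timeout: float = 5.0) -> int:
    """Send HEAD / over TLS with or without the SNI extension; return the status."""
    ctx = ssl.create_default_context()
    if not sni:
        # Python omits SNI only when server_hostname is None, which requires
        # hostname checking to be off. The certificate chain is still verified.
        ctx.check_hostname = False
    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host if sni else None) as tls:
            tls.sendall(req)
            return parse_status(tls.recv(4096))

def diagnose(no_sni: int, with_sni: int) -> str:
    """Interpret the pair of status codes from the two probes."""
    if no_sni == 421 and with_sni != 421:
        return "server requires SNI: enable it in the monitoring client"
    if no_sni == 421 and with_sni == 421:
        return "421 even with SNI: not explained by missing SNI"
    return "no SNI-related rejection seen"

if __name__ == "__main__":
    target = sys.argv[1]  # a host you operate, e.g. one from your hosts.cfg
    without, with_ = probe(target, sni=False), probe(target, sni=True)
    print(f"no SNI: {without}  with SNI: {with_}  -> {diagnose(without, with_)}")
```

If the first probe returns 421 and the second does not, the monitoring client needs SNI enabled, which is the case the thread describes.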