Warning: I have found a strange reason behind this behavior. The question below is obsolete. This is actually the followup for the gory particulars.
- A production server running SuSE Enterprise 11 and my Django 1.1 application.
- The applying has been offered with Apache (
mod_wsgi) over HTTPS with client certificates (
- Tests are done in the same box by visiting the particular IP from the server, i.e. you will find no proxies among.
- No caching modules in Apache are installed (listed here are active: alias dir env expires headers include log_config mime rewrite setenvif ssl authz_host proxy proxy_http proxy_connect (no configuration of these three) unique_id wsgi).
The particular problem:
- A particular page (military services weapons image) creates a 500 error rather than 404 under certain conditions (due to Django, there's always a 302 redirect first to include a trailing slash).
- It's in some way certificate-dependant: most client certificates always obtain a 404, however, many don't. Certificates happen to be in comparison with no difference found.
- Whenever a "Cache-control: no-cache" is distributed towards the server, no 500 is came back, but an effective 404 rather.
- All of this happens only on a single server, test servers don't expose this issue despite the fact that the program is mainly identical.
- "Good" client certificate = always 302 + 404
- "Bad" client certificate + "Cache-control: no-cache" = always 302 + 404
- "Bad" client certificate without cache control = always 302 + 500.
PS: If this sounds like more appropriate for ServerFault, please move it or leave a notice that i can request this there.
Information as asked for by commenters
- If this 500 error happens, I am obtaining a
Request origin could not be validated.from
mod_wsgiwithin the logs, which, based on the author of
mod_wsgireally shouldn't happen, ever.