apache – 421 Misdirected request on shared host

421 is returned when the browser tries to reuse the connection for another site. This is allowed under HTTP / 2 to save the cost of opening another connection since, in most cases, it is better to use fewer connections under HTTP / 2.

The browser should only reuse a connection that is assigned to the same IP address and where the certificate used covers both sites (which is the case of its three sites).

Despite these conditions, occasionally the browser will try to reuse a connection when it shouldn't. Apache's main case is if different SSL / TLS settings are configured for each vhost. Looking at ssllabs.com for each of its three domains, the settings look the same, making it difficult to see why Apache is returning this. You should contact your hosting provider and ask them to verify this.

In these cases, Firefox will see response 421, establish a new connection, and request the resource again. However, unlike a 301 or 302, it appears that this won't show up as a separate request in the developer tools.

The alternatives to solve this are:

  1. Have the hosting provider identify the cause and allow the connections to be reused.
  2. Use different certificates for each domain (so that the browser does not try to reuse the connection).
  3. Use a different IP address for the other domains, even if they are assigned to the same server (so that the browser does not try to reuse the connection).
  4. Stop using http / 2, which seems a shame as it generally provides good performance.
  5. Stop using other domains, at least for HTTP / 2.

I think you should seriously look at the last one. The benefit of using other domains (called sharding) is often overstated in my opinion for HTTP / 1 and shouldn't be necessary under HTTP / 2.

Fragmentation is done for two reasons:

  1. To allow 6 lower HTTP / 1.1 connections as browsers, the typical maximum is 6 simultaneous connections per domain. However, unless those seventh, eighth connections … etc. used a lot, the cost of setting them up may not be worth it. And under HTTP / 2, the limit is much higher (generally at least 100 simultaneous streams per connection).
  2. Domains without cookies to save in request sizes. But under HTTP / 2, the HTTP headers are compressed, so you're less concerned about this (and again, in my opinion, the value of this was overstated: how big cookies really are).

Looking at the web page test for your home page, you're loading the main page over the www domain, and then 6 assets over one static subdomain and 6 assets over the following subdomain and a few more on each:

Waterfall view

Here you can see the real cost of your 421s, as almost all connections need to be reestablished with one connection and SSL negotiation. Ignoring this for a moment, you can see that yes, you are downloading more than 6 resources at the same time in your two static subdomains. So if it is an HTTP / 1.1 connection, you would benefit from breaking the 6 connection limit for a moment. But you are also wasting the www connection which is down after the first request. This is made more obvious from the Connection View:

Connection view

So you can get rid of one of those subdomains and serve those assets for the www domain to get utilization of that first connection.

For HTTP / 2, you can also get rid of the other domain as it shouldn't be necessary. Then it can provide different results to HTTP / 2 and HTTP / 1.1 users, but that's tricky, all major browsers support HTTP / 2 and for 24 requests in total it won't even be a huge performance load going to a domain for those who don't.

In short, stop sharing domains without cookies unless you have a good reason to do so, as a quick glance at your homepage is not helping your performance anyway, and while you're addressing this issue 421, you it is hindering considerably.

ports: is it a security risk to host the CS: GO server on my PC?

The greatest risk is probably a 0 days or just a patch-less vulnerability in the CS: GO server software.

Against a 0 day you are quite helpless. You can give user running CS: GO processes as few permissions as possible. If your server is compromised, the attacker can only act with the permission of this user, as long as a local privilege escalation does not exploit as well. It is not very likely that you will be the victim of such a day 0, but it is always a residual risk when exposing a service to the Internet.

To avoid being compromised through an unpatched vulnerability, well, patch your CS: GO server regularly. Find out where users are informed about new patches and vulnerabilities and monitor these sources. If you can't patch immediately, consider turning off the server until you can patch it.

In case you don't offer the server 24/7 and play mainly yourself, shutdown server when not needed. Reducing the attack surface also means reducing the time that the service is available.

Linux: measure the latency / packet drop between the input and output interface of a speed limit transfer host

Somewhere between my sender and receiver, there is a host that explicitly limits my transfer speed.

I know it is a Linux host. The login interface for my traffic is eth0 and the output interface is eth1. The speed limiter is probably done somehow using Linux traffic control (tc), but I don't know the details.

From a previous offline comparison between pcap files recorded in eth0 Y eth1 interfaces I know the speed limiter adds significant packet latency (up to 15 seconds!) and packet loss (up to 16%), when I try carry out as much data as possible using iperf.

All traffic is TCP / IP. The source IP, destination IP, and destination port are known and constant. Only the source port switches between consecutive flows.

Given (root) access, is there a way to do a live measurement of packet latency and counters / drop rates? Or recorded in a file as time series data?

Which video host is the best?

and tell me it's not muffling on Sunday night :]

How to use my shared host directory with aws route 53 subdomain?

I have my web application hosted by a shared hosting provider (A2hosting). I need to link my web files on my shared hosting server to a subdomain on AWS Route 53. Can anyone advise me on this?

mining software: problem connecting to Slush pool with GUIMiner, I tried too many Host addresses to connect, every time it says the destination computer expressly rejects it

I am on Windows 10 with GUIminer, I want to mine in the slush group, but every time I go into each host address I see that it does not work in the slush group. I entered the correct login for my miner and in GUIminer it says that the destination computer expressly rejected it, I also have the Bitcoin kernel and I did not finish downloading it, the Bitcoin kernel and the GUIminer are on my external disk, can you do this? trouble?

So what is the problem and how can I fix it? Thank you.

Tips needed on: host will not allow DNS change

Renew a domain with wphostingspot (.) Com (WPHS) the day before it expires. WPHS resells domains for namecheap (.) Com. The next day, … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1803343&goto=newpost

Are gifts requested by my host, but purchased by me, items "requested from someone else" according to customs in Japan?

No, it does not count as an "item requested by someone else"


The question is not really clear in English. But if you take a look at the same form in French, question 1.6 translates as such:

Items that you can trust on for a time.

… which means, this time unequivocally:

Items that someone else gave / trusted you

This question is designed to find out if someone asked you to pass something through customs. If you are only bringing a gift for someone, you can check "No" even if they asked for that gift.

Basically, you should check "No" whenever you know what you are wearing. If you bought the gift yourself and packed it, that's fine. However, if a stranger gave you "a package" to deliver to Japan, then you don't know what you are carrying, it is a problem, and in this case you should check "Yes".


The original Japanese C5360 form also seems clearer than the English version. Says the following:

他人 か ら 預 か っ た も の

… which seems to translate to:

Something that gave me a stranger.

However, I am not a native speaker, so I cannot translate the meaning of this sentence with the same certainty as the previous French sentence.

Web hosting: How do I manage DNS with Godaddy but host the site at infinityfree.net?

Here is my situation. I used to host a site for a friend and now I want to migrate them to infinityfree.net since it is free and they agree. Currently, they bought the domain name through GoDaddy and I host the site through Bluehost.com. So, they have the name servers that point to ns1.bluehost.com Y ns2.bluehost.com. I understand that Bluehost is now managing all DNS records?

What I would like you to do is that I want you to manage all DNS through GoDaddy but host the site through infinityfree.net. However, looking at this https://infinityfree.net/support/add-your-own-domain/ it looks like they need to point the nameservers to infinityfree.net. Does this mean that they have to manage DNS through infinityfree.net?

How do I set them to manage DNS through Godaddy but then when they go to www.theirdomain.com and go to the site through infinityfree.net?

Advanced REST client ignores a custom host header

I am testing my proxy which simply sends a client request to a proxy server and returns a response. The current implementation requires the client to send the fully prepared valid request to the proxy (the value of the Host header must match a DNS of the proxy server from the predefined source code).

Here is my custom request for the proxy representing a www.example.com:
enter the image description here

But the result request that ARC sends to localhost is:

GET / HTTP/1.1
Host: localhost:1234
connection: close

it is then sent to www.example.com but the Host header is invalid, so 404 is returned as a result.