Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (nike.apache.org: local policy)
From: Andrew Newsome <anewsome@ufi.com>
To: "users@httpd.apache.org" <users@httpd.apache.org>
Thread-Topic: Save as popup issue - possible lost or corrupt headers 
Thread-Index: Acy1BCYks+q65K/FRYeYSLhfmuBsEw==
Date: Wed, 7 Dec 2011 17:17:55 +0000
Message-ID: <EA5AAB780C82A74C9A5DF1E16499F13C6BABC3@UFI-MBOX1.hq.ufi.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [users@httpd] Save as popup issue - possible lost or corrupt headers 

Hello all,

We are having a problem where very occasionally rather than displaying a p=
age a "save as " security window pops up.
It seems a very similar problem to http://osdir.com/ml/httpd-apache/2009-0=
2/msg00660.html and=20
http://www1.il.squid-cache.org/mail-archive/squid-users/200712/0206.html w=
hich implies the header is sometimes getting
 corrupt or lost and the browser is not recognising it as a compressed obj=
ect and/or getting the old compressed version from local disk. The browser=
 doesn't know what sort of a file it is hence the "save As" popup.

Corrupt headers does get mentioned in 2.2.15 PR 48359 but no idea whether =
its relevant or not.

We are using Apache, mod_proxy_ajp, mod_deflate and jboss sat on Redhat se=
rvers behind a Cisco Css load balancer
 with session affinity set via arrowpoint cookies & SSL terminated at the =
CSS. Hopefully relevant config and versions below.

This is what we are seeing.

Successful example:

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2011 07:51:10 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP03 (build: SVNTag=3DJBPAPP_4_3=
_0_GA_CP03 date=3D200810241616)/JBossWeb-2.0
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=3D0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=3DISO-8859-1
Content-Language: en-GB
Vary: User-Agent,Accept-Encoding
Content-Length: 16798
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.or=
g/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns=3D"http://www.w3.org/1999/xhtml" lang=3D"en-GB" xml:lang=3D"en=
-GB">
<head>
  <meta http-equiv=3D"Content-Type" content=3D"text/html;charset=3Diso-885=
9-1" />
  <base href=3D"https://learning.learndirect.co.uk/laser/" />

  <title> . . .
 etc . . . .


Unsuccessful example of the same page:

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2011 07:51:17 GMT
Vary: User-Agent
Connection: close
Content-Type: text/plain; charset=3DUTF-8
Content-Length: 4319

Then comes encrypted data . . .=20


The explanation of what is happening seems to make sense but no idea why t=
he headers might be getting corrupt or lost. Any help or pointers would be=
 much appreciated. More than happy to provide any info I've missed that
might be useful.

Many thanks

Andy Newsome
Email: anewsome@ufi.com


Server version: Apache/2.2.11 (Unix)
Red Hat Enterprise Linux Server release 5.1 (Tikanga)
JOboss: jboss-eap-4.3-CP03

Apache configuration:

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

=20
ProxyPreserveHost On
ProxyDomain .xxxx.co.uk

<VirtualHost *:80>
        ServerName xxx.xxxx.co.uk
        ServerAlias laser-vip
        DocumentRoot /xxx/static/laser

        RewriteEngine On
        RewriteRule ^$ https://xxx.xxx.co.uk/laser/

        Include conf.d/xxx_static.cnf

        # Over AJP to local JBoss
        <Location /laser>
                ProxyPass ajp://jboss-ip:8009/laser
                ProxyPassReverse ajp://jboss-ip:8009/laser
        </Location>
        <Location /player>
                ProxyPass ajp://jboss-ip:8009/player
                ProxyPassReverse ajp://jboss-ip:8009/player
        </Location>
     =20         =20
</VirtualHost>

Mod_deflate configuration:

# Deflate configuration
<Location />
        # Insert filter
#        SetOutputFilter DEFLATE
=20
        # Netscape 4.x has some problems...
        BrowserMatch ^Mozilla/4 gzip-only-text/html=20

        # Netscape 4.06-4.08 have some more problems
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
=20
        # MSIE masquerades as Netscape, but it is fine
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        # Don't compress images. There is no advantage on doing so as they=
 are already
        # using their own compression methods and it can increase consider=
ably the load
        # on apache. Same for already compressed formats
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip=
 dont-vary
        SetEnvIfNoCase Request_URI \.avi$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.mov$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.mp3$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.mp4$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.rm$ no-gzip dont-vary       =20
        SetEnvIfNoCase Request_URI \.swf$ no-gzip dont-vary       =20
        SetEnvIfNoCase Content-Type  "application/pdf" no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

        # Make sure proxies don't deliver the wrong content. Important as
        # we use mod_proxy + mod_jk
        Header append Vary User-Agent env=3D!dont-vary

        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/c=
ss text/javascript application/x-javascript=20
application/javascript text/x-csv
</Location>

Additional config:

#
# This file is not loaded automatically, it's included by the virtual host=

# with include conf.d/ufi_static.cnf
#
#RewriteEngine On
#RewriteLog /tmp/rewrite.log
#RewriteLogLevel 9

# If we have static files on /???/static/[container] apache will serve the=
m instead
# of passing the request to JBoss
RewriteCond /???/static/%{REQUEST_URI} -f
RewriteRule ^/(arc|laser|FMIDashboard)/(.*)\.(js|css|gif|jpe?g|png)$ /???/=
static/$1/$2\.$3 [L]

<LocationMatch "^/(laser)/">
        # expiration
        ExpiresActive On
        ExpiresByType text/css "access plus 15 days"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/jpeg "access plus 1 month"
        ExpiresByType application/x-javascript "access plus 15 days"
        ExpiresByType text/javascript "access plus 15 days"
</LocationMatch>

<Directory /???/static>
        # Enable eTAG
        FileETag MTime Size
</Directory>

########################################################
<IfModule mod_deflate.c>
   DeflateFilterNote Input instream
   DeflateFilterNote Output outstream
   DeflateFilterNote Ratio ratio
</IfModule>

______________________________________________________________________

Ufi Limited=20
Registered in England No. 3980770=20
Registered Office: Dearing House,=20
1 Young Street,=20
Sheffield, S1 4UP=20

This email has been scanned by the Symantec Email Security.cloud service.

______________________________________________________________________

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org