httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edel O Callaghan <ede...@gmail.com>
Subject Re: [users@httpd] Apache 2.4.3: Reverse Proxy: Why jsessionid is embedded into URL path of first POST after brower's cookie is cleared
Date Fri, 25 Jan 2013 21:31:42 GMT
Thank You for your reply.

We figured out the issue today

we escaped the URL as shown below and it all worked like magic!

RewriteRule ^\/home$ /index.jsp?DView=HomePage [R,L,P]


Thanks again,
Edel.

On Fri, Jan 25, 2013 at 9:26 PM, Kheng_Ee <kheng_ee_sim@yahoo.com> wrote:

> True no magic in IT.
> I posted the httpd configuration  in another thread....(The worker's
> properties is basic standard, I can only post it on Tuesday)
>
> *Sent:* Friday, 25 January 2013 2:02 PM
> *Subject:* Apache 2.4.3/mod_jk vs mod_proxy.
>
>
> This is the part of  httpd.conf for non-SSL request.
>
> <VirtualHost 192.168.220.121:80>
> DocumentRoot "/export/home/htdocs"
> ServerName  www.x.com
> ServerAdmin s@s.com
>
> <Location /index.html>
>         Redirect /index.html http://x.com/E/e.jsp
> </Location>
>
> Using mod_proxy, the line location and redirect allow BOTH  http://.x.comor
> http://x.com/index.html to go the the rightful url.
> However on mod_jk, only http://x.com.index.html works but with http:/x.comhas error 502
gateway error.
> The version of mod_jk used is 1.2.37
>
> Please advise.
>
>
>   ------------------------------
> *From:* Igor Cicimov <icicimov@gmail.com>
> *To:* users <users@httpd.apache.org>
> *Sent:* Friday, 25 January 2013 10:31 PM
> *Subject:* Re: [users@httpd] Apache 2.4.3: Reverse Proxy: Why jsessionid
> is embedded into URL path of first POST after brower's cookie is cleared
>
>
> On 25/01/2013 8:36 PM, "Kheng_Ee" <kheng_ee_sim@yahoo.com> wrote:
> >
> > Thanks guys for your reply.  I actually switched from reverse proxy to
> mod_jk and it solved it.  I didn't make any changes to tomcat.
> >
> > However, with mod_jk I bumped into another problem which I posted
> earlier.
> > The http://x.com has error 503.
> > http://x.com/index.html works.
> >
> > Those two url http://x.com and http://x.com/index.html were working
> using reverse proxy.
> >
> > So how do I go about fixing http:/x.com with error 503 (using mod_jk)
> > ______
> *sigh* let me get my crystal ball...nope cant find it so must ask you for
> your configuration! How on earth you expect people to help based on what
> you said above???
> And before you send something and then we have to ask for more, please
> send the mod_jk config including workers.properties file and the sections
> of the vhost or any other file where mod_jk is included in any way.
> __________________________
> > From: Igor Cicimov <icicimov@gmail.com>
> > To: users <users@httpd.apache.org>
> > Sent: Friday, 25 January 2013 7:02 PM
> >
> > Subject: Re: [users@httpd] Apache 2.4.3: Reverse Proxy: Why jsessionid
> is embedded into URL path of first POST after brower's cookie is cleared
> >
> >
> > On 25/01/2013 6:50 PM, "Igor Cicimov" <icicimov@gmail.com> wrote:
> > >
> > >
> > > On 25/01/2013 6:30 PM, "Chris Geer" <chris@cxtsoftware.com> wrote:
> > > >
> > > > On Tue, Jan 22, 2013 at 10:51 PM, Kheng-Ee Sim <
> kheng_ee_sim@yahoo.com> wrote:
> > > >>
> > > >> yes apache proxying to Tomcat 6 (backend server).
> > > >> those xx.jsp scripts are all in tomcat 6.
> > > >>
> > > >> apache and tomcat are on different systems.
> > > >>
> > > >> followed the ideas on documentation
> > > >> use proxypass and
> > > >> reverseproxypass
> > > >> and filter by location/locationmatch
> > > >>
> > > >> will post the apache config tomorrow.
> > > >
> > > >
> > > > This isn't due to anything in your apache httpd config. If you have
> sessions enabled in Tomcat and don't have a cookie present, it will send
> the cookie and add that url tag as well because it doesn't know if the
> browser supports cookies or not. You can disable that feature in Tomcat by
> adding  disableURLRewriting="true" to your Context element in your config.
> > > >>
> > > Thats what i also suggested but the op couldnt find the application
> context file and doesnt have much tomcat experience. Hence his focus on the
> apache side.
> > >
> > But i dont think it will help since later we found out the cookie is
> being added to the url by their own script and removing it brakes the whole
> process. You can find the scripts somewhere in this thread if you like to
> have a look.
> > > >>
> > > >> Sent from my iPhone
> > > >>
> > > >> On 23/01/2013, at 4:43 PM, Igor Cicimov <icicimov@gmail.com>
wrote:
> > > >>
> > > >>>
> > > >>> On Wed, Jan 23, 2013 at 3:53 PM, Kheng_Ee <kheng_ee_sim@yahoo.com>
> wrote:
> > > >>>>
> > > >>>> This is Apache 2.4.3 trace/log talking to Tomcat 6 using reverse
> proxy (ajp_proxy)
> > > >>>>
> > > >>>> [Wed Jan 23 14:43:58.464172 2013] [proxy_ajp:trace5] [pid
3989]
> ajp_header.c(598): [client 57.250.242.249:24921] ajp_unmarshal_response:
> Header[0] [Set-Cookie] = [JSESSIONID=3404058BD1B5FB200B52FA6DA48
> > > >>>> 8B343; Path=/dm; Secure], referer: http://xxx.com/ddd.html
> > > >>>
> > > >>>
> > > >>> This looks like the cookie (https one) is set by the backend
> server in the response header, presumably Tomcat. Since you didn't mention
> what are you proxy-ing to we can just guess. Also I'll guess that the
> backend server receives the traffic on SSL port..
> > > >>>
> > > >>>>
> > > >>>>
> > > >>>> [Wed Jan 23 14:43:58.465125 2013] [http:trace4] [pid 3989]
> http_filters.c(806): [client 57.250.242.249:24921]   Set-Cookie:
> JSESSIONID=3404058BD1B5FB200B52FA6DA488B343; Path=/dm; Secure, referer: ht
> > > >>>> tp://xxx.com/ddd.html
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:02.194316 2013] [core:trace5] [pid 3989]
> protocol.c(627): [client 57.250.242.249:24921] Request received from
> client: POST /dm/dm.jsp;jsessionid=3404058BD1B5FB200B52FA6DA488B343
> > > >>>>  HTTP/1.1
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:02.194953 2013] [http:trace4] [pid 3989]
> http_request.c(305): [client 57.250.242.249:24921]   Cookie:
> JSESSIONID=3404058BD1B5FB200B52FA6DA488B343, referer: https://xxx.com
> > > >>>> /dm/dm.jsp?language=En
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:02.195547 2013] [core:trace3] [pid 3989]
> request.c(227): [client 57.250.242.249:24921] request authorized without
> authentication by access_checker_ex hook: /dm/dm.jsp;jsessionid
> > > >>>> =3404058BD1B5FB200B52FA6DA488B343, referer:
> https://xxx.com/dm/dm.jsp?language=En
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:06.446938 2013] [http:trace4] [pid 3989]
> http_request.c(305): [client 57.250.242.249:24921]   Cookie:
> JSESSIONID=3404058BD1B5FB200B52FA6DA488B343, referer: http://xxx.com/
> > > >>>> ddd.html
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:06.449677 2013] [proxy_ajp:trace5] [pid
3989]
> ajp_header.c(293): [client 57.250.242.249:24921] ajp_marshal_into_msgb:
> Header[7] [Cookie] = [JSESSIONID=3404058BD1B5FB200B52FA6DA488B343
> > > >>>> ], referer: http://xxx.com/ddd.html
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:09.543835 2013] [http:trace4] [pid 3989]
> http_request.c(305): [client 57.250.242.249:24921]   Cookie:
> JSESSIONID=3404058BD1B5FB200B52FA6DA488B343, referer: https://xxx.com
> > > >>>> /dm/dm.jsp?language=En
> > > >>>>
> > > >>>> [Wed Jan 23 14:44:09.546812 2013] [proxy_ajp:trace5] [pid
3989]
> ajp_header.c(293): [client 57.250.242.249:24921] ajp_marshal_into_msgb:
> Header[7] [Cookie] = [JSESSIONID=3404058BD1B5FB200B52FA6DA488B343
> > > >>>> ], referer: https://xxx.com/dm/dm.jsp?language=En
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>> The steps taken to produce this log are :-
> > > >>>>
> > > >>>> 1) clear the cookies on the browser and restart browser.
> > > >>>> 2) Go link http://xxx.com/ddd.html (script on apache).  From
the
> html, it is suppose to call "POST /dm/dm.jsp"
> > > >>>> However, for strange reason on protocol.c, this first attempt
> after the 'cookie is cleared on the browser" it is calling
> POST/dm/dm.jsp;jsessionid=3404058BD1B5FB200B52FA6DA488B343 instead and
> failed with error 404.
> > > >>>>
> > > >>>>
> > > >>>> 3) subseqent attempts, from the html.. it will call "POST
> /dm/dm.jsp" successfully.
> > > >>>>
> > > >>>>
> > > >>>> I wonder why after the browser's cookie is cleared, the first
> POST is embedded with jsessionid (failed)
> > > >>>> and subsequent POST is not embedded with jessionid (successful)
> > > >>>
> > > >>>
> > > >>> Would be useful if you send the appropriate snippets of your
> apache config including the Proxy and VirtualHost (if any) sections and
> your backend server settings, if Tomcat that would be the Connector
> sections.
> > > >>>
> > > >
> >
> >
>
>
>

Mime
View raw message