httpd-users mailing list archives

From Nick Tkach <ntk...@gmail.com>
Subject [users@httpd] Strange Problem with POST + mod_jk
Date Thu, 08 Aug 2013 15:32:12 GMT

Not quite sure if this needs to wind up in this group or the tomcat list
since it kind of involves both.  I'm fairly sure it involves an Apache
misconfig, so thought I'd start here.

We've got an Apache facing the Internet with some Java app servers (both
JBoss and Tomcat), pretty standard thing.  It's got the jk status worker
locked down to only the internal IP addresses as usual.  That much seems to
work fine.  The weirdness is that if you do a "blank" POST to the root
context in the Apache it returns the jk status page *regardless of where
you are*.

So for instance, let's say my external site is http://baseco.com.  If I've
got the status worker mounted as /status, then http://baseco.com/status is
correctly *not* reachable from the outside (403 denied) and correctly *is*
reachable from the inside.

However, if I do a POST of blank lines:

POST / HTTP/1.0
Host:baseco.com


(there are two carriage returns here)

It acts as though you made a call to http://baseco.com/status (in the
contents, not the URL).

Not sure what all parts of the config to include, but this is the general
outline:

------------------------------
DirectoryIndex index.html index.html.var

<Directory />
    Options FollowSymLinks
    AllowOverride None
    <Limit GET POST HEAD>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST HEAD>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

JkMount /status mystatus
<Location /status>
    JkMount mystatus
    Order allow,deny
    Allow from all
    Deny from xx.yy.zz aa.bb.cc (subnets for external-facing firewalls)
</Location>
<VirtualHost externalip:external port>

</VirtualHost>
--------------------------------------

Then the really strange (to me) follow-up is that it seems to be related to
not having anything for an index page in the DocumentRoot directory (even
though we're blocking access to /).  As soon as you put an index.html file
out there in the DocumentRoot (even with just a blank line in it) the
problem goes away.

I'm trying to figure out how a request for / can "become" a call to
/status.  Any ideas?  I'm guessing it's something subtle about the config
and not an actual bug.
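
The behaviour described in this message can be turned into a repeatable external check. The following is an added example, not part of the original message or of mod_jk; the marker string, the function names and the constructed responses are assumptions.

```python
import socket

# Assumption: text that appears in the mod_jk status page; adjust for your build.
STATUS_MARKER = b"JK Status Manager"
# Requests to try from an external address; ("POST", "/") is the one in the post.
PROBES = [("GET", "/status"), ("POST", "/"), ("GET", "/")]

def build_request(host, method, path):
    """Bare HTTP/1.0 request as in the post: request line, Host, blank line."""
    return f"{method} {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into (status_code or None, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return code, body

def fetch(host, port, request, timeout=5.0):
    """Send the request over plain TCP and read until the server closes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

def audit(host, send):
    """Return (method, path, code) for every probe whose body shows the status page."""
    findings = []
    for method, path in PROBES:
        code, body = parse_response(send(build_request(host, method, path)))
        if STATUS_MARKER in body:
            findings.append((method, path, code))
    return findings

def constructed_server(request):
    """Constructed responses imitating the behaviour reported in the post."""
    if request.startswith(b"POST / "):
        return b"HTTP/1.1 200 OK\r\n\r\n<title>JK Status Manager</title>"
    return b"HTTP/1.1 403 Forbidden\r\n\r\nForbidden"

if __name__ == "__main__":
    # Live use from outside: audit(host, lambda req: fetch(host, 80, req))
    for finding in audit("baseco.com", constructed_server):
        print("status page exposed:", finding)
```

An empty result from `audit` when run from an external address means none of the probes returned the status page; rerunning it after a change such as adding `index.html` to the DocumentRoot confirms whether the exposure is gone.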
