tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jurrie Overgoor <>
Subject Apache proxy and Tomcat's j_security_check
Date Fri, 28 Nov 2003 08:12:47 GMT
Hello there,

I'm currently in the process of configuring Tomcat. The network
configuration is a bit above avarage:
The Tomcat 5.0.14 server serves a site at
The http requests come in to the router. The router is running Apache
1.3.22, and uses ProxyPass and ProxyPassReverse to forward the request to
the Tomcat server. So we access the site using a normal domainname (, and the
router routes it to This all goes well.

But... We use form based authentication using j_security_check to
authenticate our users. This goes wrong. The moment the user logs in
correctly, we get a "HTTP Status 400 - Invalid direct reference to form
login page" reply. The description field says: "The request sent by the
client was syntactically incorrect (Invalid direct reference to form login
page)." The funny thing is: when the user logs in INcorrectly, everything
goes ok (the user gets the right error page).

The most funny thing is that when we access the site directly (using,
all goes well. Still, I have the feeling the problem is with Tomcat, not the Apache proxy...

But what's wrong? How can I see what data j_security_check is getting, so I can
debug the problem? Does anyone have a solution whatsoever?
The Tomcat server is always behind the router in a dmz. I can not / will not
install Tomcat on the router for security reasons.

If anyone can give me directions where to look for an awnser, I'd be
gratefull. At the moment I'm just guessing, and I don't have any more
ideas... (So I'm kinda desperate)


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message