tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: 2 POST requests to underlying Server
Date Wed, 11 Aug 2010 18:35:26 GMT
Let me demonstrate I have read the *entire* thread:

You stated on 8/10/2010 at 8:16am EDT:
> We also made sure there is no traffic /users using the web application during the tcp
dump taken.
>   
How?  Are you absolutely sure *no* client generated the POST request?

> ... This has happened in spite of blocking multiple button clicks on jsp page using jscript
filter.
>   
Are you sure?  As has been recommended, remove the browser and all it's
javascript from the equation.  Use wget or curl to manually fire just
*one* request and see what happens.

> My Observation as per TCP dump command, we clearly see multiple request being sent from
Apache to web server.
Not in question at all... but we've not seen any evidence the requests
were sourced from Apache.  They could just as easily come from a client
brower, a firewall or even a proxy server and passed on by Apache.

Stated multiple times in various messages of this thread:

> For simple test case we used 1 simple transaction Page  to do the
>  activity For insertion, but the since 2 request to web server ,we see
>  2 rows inserted in DB
>
>   
Still have the browser and it's javascript in the equation.  Plus I've
yet to see any evidence these requests are sourced from httpd or
mod_jk.  This could easily be the browser or some component between
httpd and the client.

You stated on 8/11/2010 at 1:07am EDT:

> The same test performed on the Internal IP (http://<ip:port>/ABCD), and was observed
that the single Post request was observed with single Insertion to DB ... compared to 2 POST
request via External IO ( http://ABCD.com )
>   

We have only ever seen a tcp dump in between Apache httpd and jboss and
only fragments at that.   Certainly not enough to believe the two are
requests are in any way related.  The POST command, headers, etc., ...
are far better evidence.

You stated on 8/11/2010 at 6:37am EDT:

> If needed I can even share the "Access Logs" of Apache so that the browser details match
[ IE 7+ / FFox 3+ ] are as available.
>   
I believe at least one of us has already asked for this.  Don't make me
dig up the quote(s).

Let me recap so I am very clear.  We have not seen any evidence that
these requests are from Apache and/or mod_jk.  They could very easily be
from:

-- a misbehaving client (client in this case is very broad including
hack attempts, search crawlers, browsers, etc., ...)
-- firewall
-- proxy server

Just to make matters a little more interesting, client id signatures can
easily be faked for any browser you can think of.   Just because it
claims to be IE doesn't mean it is.

A lot of us use mod_jk to connect apache to tomcat.  On the rare event
this kind of issue has cropped up it seems to always be as a result of
something outside apache mod_jk and tomcat.

--David


On 8/11/10 10:06 AM, Karthik Nanjangude wrote:
> Hi
>
>   
>>> Maybe you could try a capture from the client system (the one
>>>       
> w/ a browser open).
>
> As I have already posted the form [ please check last few mails exchanged ]
>
> If the Sample test on the web application is performed from Outer side world [http://www.xyx.com/abcd
]
>
> Tcp dump captured on Apache Http Server, 2 Post request are clearly visible with 12 sec
apart.
>
>
>
>
> If the Sample test on the same hosted web application performed from within the internally
IP/Port hosted [ http://xyx/abcd ]
>
> Tcp dump captured on JBoss [Tomcat Built in ] 1 Post request is visible
>
>
>
>
> Both of the samples were verified in 2 Browsers [IE 7+ / FF3 +] more then 6 times and
the info is captured via tcp Dump.
>
>
>   
>>> request with wget rather than browsers
>>>       
> Since the Application is in Production and need some Window Time for taking samples.
>
> I would definitely get back with the results  by EOD 2 morrow
>
>
> With regards
> Karthik
>
>
> -----Original Message-----
> From: David Smith [mailto:dns4@cornell.edu]
> Sent: Wednesday, August 11, 2010 7:23 PM
> To: Tomcat Users List
> Subject: Re: 2 POST requests to underlying Server
>
> Any chance we could see a snippet of access log showing the two
> requests?  All I really see here is two packet captures that *look* like
> they are from in between tomcat and iis (or whatever you are running as
> a front-end web server).  Since 10 addresses are not routeable this
> looks like all internal traffic.  Any chance you could verify this is
> happening (or not) between the client browser and your front-end web
> server?  Maybe you could try a capture from the client system (the one
> w/ a browser open).
>
> --David
>
> On 8/11/10 2:08 AM, Karthik Nanjangude wrote:
>   
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message