tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat)>
Subject Apache httpd / tomcat AJP connector(s?)
Date Wed, 24 Apr 2019 09:58:17 GMT

This is somewhat of an arcane question and somewhat straddling httpd and tomcat, so if I'm

on the wrong list for this, just let me know.

The question is : is there any particular reason why the combination mod_proxy + 
mod_proxy_ajp (in httpd), does not seem to follow the ProxyPreserveHost directive, when 
proxying something from httpd to tomcat ?

Re :
quote : "When enabled, this option will pass the Host: line from the incoming request to 
the proxied host, instead of the hostname specified in the ProxyPass line."
quote : "Note that usually no ProxyPassReverse directive is necessary. The AJP request 
includes the original host header given to the proxy, and the application server can be 
expected to generate self-referential headers relative to this host, so no rewriting is 

case :
Apache/2.4.25 (Debian)
Apache Tomcat/8.5.14 (Debian)
(on the same host "debx-dev")

(Note: the configuration listed below is fictitious, interpreted/anonymised/summarised for

the sake of example. I may thus have committed some typo/error; but I hope it provides a 
clear enough idea).

# uname -a
Linux debx-dev 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux

On "debx-dev" :
/etc/hosts : localhost

httpd config :
<VirtualHost *:80>
ProxyPass /mypath ajp://
ProxyPassReverse / ajp://
ProxyPreserveHost on

tomcat server.xml :

     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
         proxyName=""  />
     <Engine name="Catalina" defaultHost="localhost">
       <Host name="localhost"  appBase="webapps"
             unpackWARs="true" autoDeploy="true">

Request sent to httpd with URL like :
Received "Host" header in httpd :


Request proxied to tomcat according to above config.

Received "Host" header in tomcat :



- Setting "ProxyPreserveHost off" in httpd does not change the behaviour in any obvious way
- removing or modifying the "proxyName" attribute in the Connector does not change the 
content of the received Host header in any way (*); neither do the <Alias> directives

inside the <Host>

According to the documentation referenced above, I would expect that the Host header as 
received by tomcat would be


but that does not seem to be the case.

So is this a case of the documentation being wrong, or me misunderstanding it, or a 
feature in mod_proxy/mod_proxy_ajp, or a bug in mod_proxy/mod_proxy_ajp, or something else

(*) this may well be changing the result of request.getServerName() and 
request.getServerPort() methods in tomcat, and I have not tested that.
But the point here concerns the received "Host" header itself.

(**) I have not really tested this right now, but I believe that when using mod_proxy + 
mod_proxy_http, to proxy requests to tomcat over HTTP, the ProxyPreserveHost directive 
*does* change the request Host header content.
(It definitely does when the back-end system proxied-to is another Apache httpd instead of



Note : in a more general sense, I would suggest this additionally :
(I am mentioning this here, just in case such options would be handled by mod_proxy_ajp 
rather than mod_proxy per se, and could be looked at at the same time as the main issue 

In httpd, the "ProxyPass" directive admits a series of "options" such as
ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery]
These have an effect on /this/ ProxyPass directive only (as opposed to /all/ ProxyPass 
The "ProxyPreserveHost" on the other hand seems "global" in effect, which seems to not 
allow doing this selectively, maybe depending on the request URI or the back-end host 
being proxied to.

It would seem more flexible (and clear) to implement the ProxyPreserveHost selectively, as

one of the options of the ProxyPass directive, like e.g.

ProxyPass /mypath ajp:// preservehost=[on|off]

(It may even be possible to handle this in such a way as to "override" the global 
ProxyPreserveHost directive, so as to preserve backward configuration compatibility).

Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message