Malformed http header

Malformed http header

am 19.07.2002 01:23:23 von Michael Mangeng

This is a multi-part message in MIME format.

------=_NextPart_000_007F_01C22F8C.0B927630
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi

I=B4m using the apache httpd as a proxy between the internet and =
apache-tomcat which serves dynamic pages.

For my vhost i=B4m using=20
proxypass / http://localhost:8081/webapp
proxypassreverse / http://localhost:8081/webapp

all works find and the pages get served as long as i do not access pages =
which use informations stored in the appropriate session..
if i work only with apache tomcat i get the following line in the http =
header:

Cookie: JSESSIONID=3DF291F12ABC86D02A8DE252ED67969218
which, as you surly all know, maps the user to his session..

but if i request the pages throught apache with mod_proxy this cookie =
line is simply MISSING in the http header which reaches tomcat.

I do not know if the sessionid is filtered out from the http header on =
the way to the client or on the way to the server.

So my question: what can i do that the correct sessionid can be =
exchanged between the client and the server apache tomcat) ?

thans for your help
greetings
mike

------=_NextPart_000_007F_01C22F8C.0B927630
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



charset=3Diso-8859-1">




Hi

 

I=B4m using the apache httpd as a proxy =
between the=20
internet and apache-tomcat which serves dynamic pages.

 

For my vhost i=B4m using

proxypass / href=3D"http://localhost:8081/webapp">http://localhost:8081/ webapp ONT>

proxypassreverse / href=3D"http://localhost:8081/webapp">http://localhost:8081/ webapp ONT>

 

all works find and the pages get served =
as long as=20
i do not access pages which use informations stored in the appropriate=20
session..

if i work only with apache tomcat i get =
the=20
following line in the http header:

 

Cookie:=20
JSESSIONID=3DF291F12ABC86D02A8DE252ED67969218
 face=3DArial=20
size=3D2>which, as you surly all know, maps the user to his =
session..

 

but if i request the pages throught =
apache with=20
mod_proxy this cookie line is simply MISSING in the http header which =
reaches=20
tomcat.

 

I do not know if the sessionid is =
filtered out from=20
the http header on the way to the client or on the way to =
the=20
server.

 

So my question: what can i do that the =
correct=20
sessionid can be exchanged between the client and the server apache =
tomcat)=20
?

 

thans for your help

greetings

mike


------=_NextPart_000_007F_01C22F8C.0B927630--

Re: Malformed http header

am 19.07.2002 07:56:58 von Graham Leggett

Michael Mangeng wrote:

> Cookie: JSESSIONID=F291F12ABC86D02A8DE252ED67969218
> which, as you surly all know, maps the user to his session..
>
> but if i request the pages throught apache with mod_proxy this cookie
> line is simply MISSING in the http header which reaches tomcat.

There are known problems with proxy and setting cookies in older
versions of proxy. If you are using proxy, either use v1.3.22 (the
original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
number of bugs fixed).

Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm
"There's a moon
over Bourbon Street
tonight..."

Re: Malformed http header

am 19.07.2002 08:22:43 von Michael Mangeng

hi!

I forgot to mention that the httpd version is 1.3.26.
Looks like this bug is still present.

I will try to solve my problem with mod_jk.

thanx for your help, greetings
Michael


----- Original Message -----
From: "Graham Leggett"
To:
Sent: Friday, July 19, 2002 7:56 AM
Subject: Re: Malformed http header


> Michael Mangeng wrote:
>
> > Cookie: JSESSIONID=F291F12ABC86D02A8DE252ED67969218
> > which, as you surly all know, maps the user to his session..
> >
> > but if i request the pages throught apache with mod_proxy this cookie
> > line is simply MISSING in the http header which reaches tomcat.
>
> There are known problems with proxy and setting cookies in older
> versions of proxy. If you are using proxy, either use v1.3.22 (the
> original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
> number of bugs fixed).
>
> Regards,
> Graham
> --
> -----------------------------------------
> minfrin@sharp.fm
> "There's a moon
> over Bourbon Street
> tonight..."
>
>

Re: Malformed http header

am 19.07.2002 09:04:56 von Maurizio Marini

On Friday 19 July 2002 07:56 am, Graham Leggett wrote:

> There are known problems with proxy and setting cookies in older
> versions of proxy. If you are using proxy, either use v1.3.22 (the
> original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
> number of bugs fixed).

Previous mod_proxy release doesn't carry all headers_out across redirect;
I have patched proxy_http.c in apache 1.3.23

In proxy_http.c u find:

/* handle the ProxyPassReverse mappings */
if ((urlstr =3D ap_table_get(resp_hdrs, "Location")) !=3D NULL)
ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, u=
rlstr));
if ((urlstr =3D ap_table_get(resp_hdrs, "URI")) !=3D NULL)
ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr=
));
if ((urlstr =3D ap_table_get(resp_hdrs, "Content-Location")) !=3D NUL=
L)
ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_=
map(r , urlstr));

resp_hdrs doesn't containd Set-Cookie :(
They have Location, URI & Content-Location


then resp_hdrs is copied onto r->headers_out:
proxy_http.c apache 1.3.23:
/* Setup the headers for our client from upstreams response-headers *=
/
ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);
After this, cookies are missed.
My patch save cookie before ap_overlap_tables, and then add them to r->he=
aders_out



in proxy_http.c apache 1.3.26 u find:
/* Setup the headers for our client from upstreams response-headers *=
/
ap_proxy_table_replace(r->headers_out, resp_hdrs);

If Graham is right (as I hope) using ap_proxy_table_replace instead of ap=
_overlap_tables
does fix the cookies problem (is it a bug? i dunno..)

I'm missing something?=20

--=20
Maurizio Marini

Re: Malformed http header

am 19.07.2002 09:17:13 von Graham Leggett

Michael Mangeng wrote:

> I forgot to mention that the httpd version is 1.3.26.
> Looks like this bug is still present.

This could be something else - the previous bug involved two or more
cookies being reduced to one cookie (each one overwrote the previous
one). I understand you are getting one cookie reduced to no cookies...

Can you use something like tcpflow to see what the tomcat receives, as
opposed to what apache receives? Then we can see what it is doing.

Cookies are something that need to be treated carefully. One way of the
most common ways that cookies break is to have a different URL structure
on the backend and the frontend. The cookie's scope is not changed when
it passes through Apache, and it's quite possible your browser is not
returning the cookie because it believes the cookie is not within scope.

Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm
"There's a moon
over Bourbon Street
tonight..."

Re: Malformed http header

am 19.07.2002 09:34:24 von Graham Leggett

Maurizio Marini wrote:

> Previous mod_proxy release doesn't carry all headers_out across redirect;
> I have patched proxy_http.c in apache 1.3.23

Is this fix applied to the code yet?

> In proxy_http.c u find:
>
> /* handle the ProxyPassReverse mappings */
> if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
> ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
> if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
> ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
> if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
> ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r , urlstr));
>
> resp_hdrs doesn't containd Set-Cookie :(
> They have Location, URI & Content-Location

The purpose of the above lines is to rewrite the above three lines as
specified in the ProxyPassReverse directive. Cookies are passed as-is.
As you can see, the headers are lifted from resp_hdrs and returned to
resp_hdrs. Other headers (like cookies) remain unaltered, so there is no
problem there.

> then resp_hdrs is copied onto r->headers_out:
> proxy_http.c apache 1.3.23:
> /* Setup the headers for our client from upstreams response-headers */
> ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);

> After this, cookies are missed.

This is because of AP_OVERLAP_TABLES_SET. As each cookie is copied
across, it obliterates and previous "cookie" headers, thus you only end
up with the last cookie. This problem is fixed in v1.3.26.

> My patch save cookie before ap_overlap_tables, and then add them to r->headers_out

This only fixes the problem for cookies, where the problem exists for
headers in general.

> in proxy_http.c apache 1.3.26 u find:
> /* Setup the headers for our client from upstreams response-headers */
> ap_proxy_table_replace(r->headers_out, resp_hdrs);
>
> If Graham is right (as I hope) using ap_proxy_table_replace instead of ap_overlap_tables
> does fix the cookies problem (is it a bug? i dunno..)

The replace function was created to "replace an existing header if it
exists, but make sure that multiple headers are not obliterated during
the copy", thus fixing the problem.

Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm
"There's a moon
over Bourbon Street
tonight..."