Malformed http header

This is a multi-part message in MIME format.

------=_NextPart_000_007F_01C22F8C.0B927630
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi

I=B4m using the apache httpd as a proxy between the internet and =
apache-tomcat which serves dynamic pages.

For my vhost i=B4m using
proxypass / http://localhost:8081/webapp
proxypassreverse / http://localhost:8081/webapp

all works find and the pages get served as long as i do not access pages =
which use informations stored in the appropriate session..
if i work only with apache tomcat i get the following line in the http =
header:

Cookie: JSESSIONID=3DF291F12ABC86D02A8DE252ED67969218
which, as you surly all know, maps the user to his session..

but if i request the pages throught apache with mod_proxy this cookie =
line is simply MISSING in the http header which reaches tomcat.

I do not know if the sessionid is filtered out from the http header on =
the way to the client or on the way to the server.

So my question: what can i do that the correct sessionid can be =
exchanged between the client and the server apache tomcat) ?

thans for your help
greetings
mike

------=_NextPart_000_007F_01C22F8C.0B927630
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I=B4m using the apache httpd as a proxy =
between the
internet and apache-tomcat which serves dynamic pages.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>For my vhost i=B4m using </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>proxypass / <A
href=3D"http://localhost:8081/webapp">http://localhost:8081/ webapp</A></F=
ONT></DIV>
<DIV><FONT face=3DArial size=3D2>proxypassreverse / <A
href=3D"http://localhost:8081/webapp">http://localhost:8081/ webapp</A></F=
ONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>all works find and the pages get served =
as long as
i do not access pages which use informations stored in the appropriate
session..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>if i work only with apache tomcat i get =
the
following line in the http header:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Cookie:
JSESSIONID=3DF291F12ABC86D02A8DE252ED67969218<BR></FONT><FONT =
face=3DArial
size=3D2>which, as you surly all know, maps the user to his =
session..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>but if i request the pages throught =
apache with
mod_proxy this cookie line is simply MISSING in the http header which =
reaches
tomcat.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I do not know if the sessionid is =
filtered out from
the http header on the way to the client or on the way to =
the
server.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>So my question: what can i do that the =
correct
sessionid can be exchanged between the client and the server apache =
tomcat)
?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>thans for your help</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>greetings</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>mike</DIV></FONT></BODY></HTML>

------=_NextPart_000_007F_01C22F8C.0B927630--
Michael Mangeng [ Fr, 19 Juli 2002 01:23 ] [ ID #12046 ]

Re: Malformed http header

Michael Mangeng wrote:

> Cookie: JSESSIONID=F291F12ABC86D02A8DE252ED67969218
> which, as you surly all know, maps the user to his session..
>
> but if i request the pages throught apache with mod_proxy this cookie
> line is simply MISSING in the http header which reaches tomcat.

There are known problems with proxy and setting cookies in older
versions of proxy. If you are using proxy, either use v1.3.22 (the
original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
number of bugs fixed).

Regards,
Graham
--
-----------------------------------------
minfrin [at] sharp.fm
"There's a moon
over Bourbon Street
tonight..."
Graham Leggett [ Fr, 19 Juli 2002 07:56 ] [ ID #12047 ]

Re: Malformed http header

hi!

I forgot to mention that the httpd version is 1.3.26.
Looks like this bug is still present.

I will try to solve my problem with mod_jk.

thanx for your help, greetings
Michael


----- Original Message -----
From: "Graham Leggett" <minfrin [at] sharp.fm>
To: <modproxy-dev [at] apache.org>
Sent: Friday, July 19, 2002 7:56 AM
Subject: Re: Malformed http header


> Michael Mangeng wrote:
>
> > Cookie: JSESSIONID=F291F12ABC86D02A8DE252ED67969218
> > which, as you surly all know, maps the user to his session..
> >
> > but if i request the pages throught apache with mod_proxy this cookie
> > line is simply MISSING in the http header which reaches tomcat.
>
> There are known problems with proxy and setting cookies in older
> versions of proxy. If you are using proxy, either use v1.3.22 (the
> original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
> number of bugs fixed).
>
> Regards,
> Graham
> --
> -----------------------------------------
> minfrin [at] sharp.fm
> "There's a moon
> over Bourbon Street
> tonight..."
>
>
Michael Mangeng [ Fr, 19 Juli 2002 08:22 ] [ ID #12048 ]

Re: Malformed http header

On Friday 19 July 2002 07:56 am, Graham Leggett wrote:

> There are known problems with proxy and setting cookies in older
> versions of proxy. If you are using proxy, either use v1.3.22 (the
> original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
> number of bugs fixed).

Previous mod_proxy release doesn't carry all headers_out across redirect;
I have patched proxy_http.c in apache 1.3.23

In proxy_http.c u find:

/* handle the ProxyPassReverse mappings */
if ((urlstr =3D ap_table_get(resp_hdrs, "Location")) !=3D NULL)
ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, u=
rlstr));
if ((urlstr =3D ap_table_get(resp_hdrs, "URI")) !=3D NULL)
ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr=
));
if ((urlstr =3D ap_table_get(resp_hdrs, "Content-Location")) !=3D NUL=
L)
ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_=
map(r , urlstr));

resp_hdrs doesn't containd Set-Cookie :(
They have Location, URI & Content-Location


then resp_hdrs is copied onto r->headers_out:
proxy_http.c apache 1.3.23:
/* Setup the headers for our client from upstreams response-headers *=
/
ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);
After this, cookies are missed.
My patch save cookie before ap_overlap_tables, and then add them to r->he=
aders_out



in proxy_http.c apache 1.3.26 u find:
/* Setup the headers for our client from upstreams response-headers *=
/
ap_proxy_table_replace(r->headers_out, resp_hdrs);

If Graham is right (as I hope) using ap_proxy_table_replace instead of ap=
_overlap_tables
does fix the cookies problem (is it a bug? i dunno..)

I'm missing something?

--
Maurizio Marini=09=09
Maurizio Marini [ Fr, 19 Juli 2002 09:04 ] [ ID #12049 ]

Re: Malformed http header

Michael Mangeng wrote:

> I forgot to mention that the httpd version is 1.3.26.
> Looks like this bug is still present.

This could be something else - the previous bug involved two or more
cookies being reduced to one cookie (each one overwrote the previous
one). I understand you are getting one cookie reduced to no cookies...

Can you use something like tcpflow to see what the tomcat receives, as
opposed to what apache receives? Then we can see what it is doing.

Cookies are something that need to be treated carefully. One way of the
most common ways that cookies break is to have a different URL structure
on the backend and the frontend. The cookie's scope is not changed when
it passes through Apache, and it's quite possible your browser is not
returning the cookie because it believes the cookie is not within scope.

Regards,
Graham
--
-----------------------------------------
minfrin [at] sharp.fm
"There's a moon
over Bourbon Street
tonight..."
Graham Leggett [ Fr, 19 Juli 2002 09:17 ] [ ID #12050 ]

Re: Malformed http header

Maurizio Marini wrote:

> Previous mod_proxy release doesn't carry all headers_out across redirect;
> I have patched proxy_http.c in apache 1.3.23

Is this fix applied to the code yet?

> In proxy_http.c u find:
>
> /* handle the ProxyPassReverse mappings */
> if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
> ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
> if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
> ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
> if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
> ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r , urlstr));
>
> resp_hdrs doesn't containd Set-Cookie :(
> They have Location, URI & Content-Location

The purpose of the above lines is to rewrite the above three lines as
specified in the ProxyPassReverse directive. Cookies are passed as-is.
As you can see, the headers are lifted from resp_hdrs and returned to
resp_hdrs. Other headers (like cookies) remain unaltered, so there is no
problem there.

> then resp_hdrs is copied onto r->headers_out:
> proxy_http.c apache 1.3.23:
> /* Setup the headers for our client from upstreams response-headers */
> ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);

> After this, cookies are missed.

This is because of AP_OVERLAP_TABLES_SET. As each cookie is copied
across, it obliterates and previous "cookie" headers, thus you only end
up with the last cookie. This problem is fixed in v1.3.26.

> My patch save cookie before ap_overlap_tables, and then add them to r->headers_out

This only fixes the problem for cookies, where the problem exists for
headers in general.

> in proxy_http.c apache 1.3.26 u find:
> /* Setup the headers for our client from upstreams response-headers */
> ap_proxy_table_replace(r->headers_out, resp_hdrs);
>
> If Graham is right (as I hope) using ap_proxy_table_replace instead of ap_overlap_tables
> does fix the cookies problem (is it a bug? i dunno..)

The replace function was created to "replace an existing header if it
exists, but make sure that multiple headers are not obliterated during
the copy", thus fixing the problem.

Regards,
Graham
--
-----------------------------------------
minfrin [at] sharp.fm
"There's a moon
over Bourbon Street
tonight..."
Graham Leggett [ Fr, 19 Juli 2002 09:34 ] [ ID #12051 ]
Webserver » gmane.comp.apache.mod-proxy » Malformed http header

Vorheriges Thema: keepalive in 2.0.39 reverse proxy
Nächstes Thema: [STATUS] (httpd-proxy) Wed Jul 17 23:45:19 EDT 2002

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum