You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Doherty, Thomas" <th...@acs-inc.com> on 2004/01/22 18:09:57 UTC
[users@httpd] Rewrite rule not forwarding HTTP/1.0 200 OK message
We have Apache 2.0.45 with the following rewrite rule:
RewriteRule ^/$ http://10.10.10.10:9254/default.htm [P]
RewriteRule ^/(.+) http://10.10.10.10:9254/$1 [P]
RewriteLog "/opt/hpws/apache/logs_privtest/mod_rewrite.log"
RewriteLogLevel 5
The Apache server is on HP-UX 11i talking to a Microsoft IIS (not
sure of the version) server. The client software is not a web browser but a
client that the application vendor supplied that uses HTTP. The client
authentication is done via NTLM using a "backward request header". There is
no authentication on the Apache server.
We have the following two issues:
1. Not every user can login. The vendor is saying that the users who
cannot login are sending less data than the users who can login. Apparently
there are different applications and the users who can't login are in an
application that has less data. They say the proxy (Apache) is not
forwarding any packets less than 4KB...I don't know where they got this
number. I did a tcpdump on the Apache server to compare the responses of a
user who works and one that doesn't. They are correct about Apache not
forwarding the packets for the users that don't work. The communication is
identical until the IIS responds with a HTTP/1.0 200 OK message. In both
instances Apache receives the reply from the IIS server but does not forward
it to the client in the case of the user that doesn't work. I cannot see any
difference between the two responses. Below are the HTTP contents of the
responses from both clients:
The HTTP message that Apache forwards
HTTP/1.0 200 OK..Connection:
Keep-Alive..Content-Length:1000000000..C2GSERVERIP:
172.30.9.220..C2GSESSIONTOKEN:
E7D08A74-5DF2-4348-8A9B-C4ED040F5D38..C2GERROR: 0..C2GROLE:
0..C2GUID: {B9FC3036-DDC0-4FF1-9B00-54A055E7C2FF}..
The HTTP message that Apache does not forward
HTTP/1.0 200 OK..Connection:
Keep-Alive..Content-Length:1000000000..C2GSERVERIP:
172.30.9.220..C2GSESSIONTOKEN:
617B6E2B-ECBE-43AB-A1FA-C69F7FCDB61B..C2GERROR: 0..C2GROLE:
0..C2GUID: {7C9B8675-0878-446F-BE92-C5AD566548E6}..
The rest of the trace, IP and TCP, are identical. There is nothing
in the error_log, mod_rewrite.log, or access_log that indicate a problem.
2. The users that can login take 2-5 minutes to authenticate. If you
put in an incorrect ID the server responds immediately with incorrect logon
information. I know this problem has more to do with NTLM "backward request
header" authentication, I was just wondering if there is something within
Apache that might be slowing down the authentication.
Has anyone else seen this issue before?
Thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org