You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Martin Knoblauch <sp...@knobisoft.de> on 2011/05/27 16:45:29 UTC

[users@httpd] Re: Weird problerm accessing request headers from tomcat

Hi Martin,

the reverse proxy (gateway) in my case would be "apache1" me thinks. "apache2" 
definitely does not use mod_proxy/ProxyPass. It is just loadbalancing two tomcat 

instances using "mod_jk".

My problem is (maybe I was not clear) that "apache2" does see the 
X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers apparently 
added by "apache1", but that those are not visible in the requests reaching 
tomcat. If, just as an experiment, I use "RequestHeader set" in the "apache2" 
ssl configuration, tomcat sees them. Same is true for the "_PORT" and 
"_PROTOCOL" headers that are added on "apache1" via "RequestHeader set".

Did I express myself better this time? There must be some handling differences 
between headers added from mod_proxy (if that is used by apache1 I will not find 

out before some time next week) and those added by mod_headers.

Thanks

Martin :-)
------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de



----- Original Message ----
> From: Martin Gainty <mg...@hotmail.com>
> To: Tomcat Users List <us...@tomcat.apache.org>
> Sent: Fri, May 27, 2011 3:29:32 PM
> Subject: RE: Weird problerm accessing request headers  from tomcat
> 
> 
> when your Apache2 is configured as reverse-proxy you are fowarding  
>IP,RequestedHost and Proxy-Server specifically:
> 
> When acting in a  reverse-proxy mode (using the ProxyPass directive, for 
>example),
>      mod_proxy_http adds several request headers in
>     order to  pass information to the origin server. These headers
>      are:
> 
>     X-Forwarded-ForThe IP address of the  client.X-Forwarded-HostThe original 
>host requested by the client in the Host 
>
>        HTTP request header.X-Forwarded-ServerThe hostname of  the proxy 
server.
> 
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
> 
> is this not the  case?
> Martin 
> ______________________________________________ 
> 
> 
> 
> 
> 
> 
> > Date: Fri, 27 May 2011 05:53:14 -0700
> >  From: spamtrap@knobisoft.de
> > Subject:  Weird problerm accessing request headers  from tomcat
> > To: users@tomcat.apache.org; users@httpd.apache.org
> > 
> >  Hi,
> > 
> >  sorry for the crosspost, but I am not sure where to  ask. I am trying to 
> > understand a weird problem accessing HTTP request  headers from a jsf page.
> > 
> >  The setup is as follows:
> > 
> > apache1 -> apache2 -> mod_jk -> tomcat
> > 
> >  Apache1 is accessible from the Internet and forwards requests to my 
>application 
>
> > to apache2. I have no direct control over the setup of apache1 and I  cannot 
>look 
>
> > at the configuration. Apache2 (2.0.63 on Linux) is  answering requests from 
>the 
>
> > intranet and forwards them via mod_jk  (1.2.30) to two loadbanced tomcats 
>(Linux, 
>
> > 6.0.32).
> > 
> >  Apache1 inserts the following variables into the requests it  forwards to 
> > Apache1. Apache1 can see them, I have checked that using  cgi-bin/printenv 
>(some 
>
> > values anonymized):
> > 
> >  HTTP_X_FORWARDED_FOR="aa.bb.cc.dd"
> >  HTTP_X_FORWARDED_HOST="xxx.yyy.net"
> > HTTP_X_FORWARDED_PORT="443"
> >  HTTP_X_FORWARDED_PROTOCOL="https"
> >  HTTP_X_FORWARDED_SERVER="aaa.bbb.ccc"
> > 
> >  If I try to read  those variables from the tomcat application using this 
> > facelett  code:
> > 
> >         <h:outputText style="font:  bold 14px sans-serif;"
> >                  value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}"  />
> >         <br />
> >          <h:outputText style="font: bold 14px  sans-serif;"
> >                  value="X_FORWARDED_PROTOCOL: 
>#{header['X_FORWARDED_PROTOCOL']}" 
>
> >  />
> >         <br />
> >          <h:outputText style="font: bold 14px  sans-serif;"
> >                  value="X_FORWARDED_PORT: #{header['X_FORWARDED_PORT']}" />
> >          <br />
> >          <h:outputText style="font: bold 14px sans-serif;"
> >                  value="X_FORWARDED_FOR:  #{header['X_FORWARDED_FOR']}" />
> >         <br  />
> >         <h:outputText style="font: bold  14px sans-serif;"
> >                  value="X_FORWARDED_SERVER: #{header['X_FORWARDED_SERVER']}" 
>/>
> >          <br />
> > 
> >  
> > Only  X_FORWARDED_PORT and X_FORWARDED_PROTOCOL are set. The other three are 

> >  empty/null. It seem that somewhere they get dropped between Apache2, mod_jk 
>and 
>
> > Tomcat.
> > 
> >  Now, I know that _PORT and _PROTOCOL are  inserted at Apache1 using 
> > 'RequestHeader set X_FORWARDED_PROTOCOL  "https"', while I do not know how 
>the 
>
> > other three are generated. If I  add 'RequestHeader set X_FORWARDED_HOST 
> > "xxx.yyy.net"' to the  configuration from apache2, the application sees that 

> > header as well.  Confused? so am I :-(
> > 
> > Happy weekend
> > 
> > Martin 
> > ------------------------------------------------------
> > Martin  Knoblauch
> > email: k n o b i AT knobisoft DOT de
> > www:  http://www.knobisoft.de
> > 
> > 
> >  ---------------------------------------------------------------------
> > To  unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >  For additional commands, e-mail: users-help@tomcat.apache.org
> > 
>                             

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org