You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Nacho Fernandez <zi...@gmail.com> on 2017/03/30 22:30:13 UTC

[users@httpd] Send header apache to java (jboss) through ajp

Hi everyone,

i need send header content “*X-Client-Cert*” from Apache Web Server
<https://ads.digitalpoint.com/go.php?k=Web+Server> to java application
deploy in Jboss, through AJP protocol.

With directive below, in Apache Virtual Host, i check Header reach Jboss
but application not found because can’t read public certificate client:

*RequestHeader set X-Client-Cert "%{SSL_CLIENT_CERT}s"*

When capture traffic in Jboss host with tcpdump i notice this trace:

*[truncated] X-Client-Cert: ——BEGIN
CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END CERTIFICATE——*

The Header name is sent!! with content. But i need receive this one so that
application be able to read public certificate client:

*[truncated] ——BEGIN CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END
CERTIFICATE——*

Anyone know how remove header name “*X-Client-Cert:*” in apache side and
only send data content?. Currently is impossible change source code in
application side.

Thanks in advance!
Regards

Re: [users@httpd] Send header apache to java (jboss) through ajp

Posted by Eric Covener <co...@gmail.com>.

On Fri, Mar 31, 2017 at 1:33 AM, Nacho Fernandez <zi...@gmail.com> wrote:
> I need remove only string 'X-Client-Cert:' because is not possible build
> certificate client. Everything else must remain.

This doesn't make sense unless you're saying the X-Client-Cert header
value also begins with the text "X-Client-Cert"?

As In:  "X-Client-Cert: X-Client-Cert ---BEGIN..."

But, there's no way your config creates that.

If you are sending header "X-Client-Cert" with value "---BEGIN..." you
can't "remove" the X-Client-Cert part. You're misundertanding several
things at once here.  It needs a name to be a header, and it needs a
name to be looked up.

--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Send header apache to java (jboss) through ajp

Posted by Nacho Fernandez <zi...@gmail.com>.

Hi Eric,
java app expect this content:

--BEGIN CERTIFICATE--xxxxxxxxxxxxx--END CERTIFICATE--

or

xxxxxxxxxxxxxxx

..in both cases this is public certificate client. If you save this content
to 'file.crt' you can view it.

The problem is that the content receive in jboss side is:

*X-Client-Cert: *——BEGIN CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END
CERTIFICATE——

I need remove only string 'X-Client-Cert:' because is not possible build
certificate client. Everything else must remain.

Regards!


El El vie, 31 mar 2017 a las 1:10, Eric Covener <co...@gmail.com>
escribió:

> On Thu, Mar 30, 2017 at 6:30 PM, Nacho Fernandez <zi...@gmail.com> wrote:
> > [truncated] X-Client-Cert: ——BEGIN
> > CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END CERTIFICATE——
> >
> > The Header name is sent!! with content. But i need receive this one so
> that
> > application be able to read public certificate client:
> >
> > [truncated] ——BEGIN CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END
> > CERTIFICATE——
> >
> > Anyone know how remove header name “X-Client-Cert:” in apache side and
> only
> > send data content?. Currently is impossible change source code in
> > application side.
>
>
> Removing the header name doesn't make any sense. Is it "---BEGIN
> CERTIFICATE" that you want to remove?
>
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Re: [users@httpd] Send header apache to java (jboss) through ajp

Posted by Eric Covener <co...@gmail.com>.

On Thu, Mar 30, 2017 at 6:30 PM, Nacho Fernandez <zi...@gmail.com> wrote:
> [truncated] X-Client-Cert: ——BEGIN
> CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END CERTIFICATE——
>
> The Header name is sent!! with content. But i need receive this one so that
> application be able to read public certificate client:
>
> [truncated] ——BEGIN CERTIFICATE——XXXXXXXXXXXXXXXXXXXXXXXXXX—END
> CERTIFICATE——
>
> Anyone know how remove header name “X-Client-Cert:” in apache side and only
> send data content?. Currently is impossible change source code in
> application side.


Removing the header name doesn't make any sense. Is it "---BEGIN
CERTIFICATE" that you want to remove?


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org