You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by tsaojk <ja...@interbiztech.com> on 2008/08/25 12:47:09 UTC
mod_jk not forwarding URI with escaped protocol string to Tomcat
Hi Folks,
I am experiencing an rather odd issue with mod_jk not forwarding from Apache
to Tomcat for my web application. Basically, I have configured mod_jk to
forward everything under a webapp to Tomcat and things are working fine for
'regular' URI's
e.g. http://www.myhost.com/myApp/loginServletMapping
will work fine (request is forwarded to Tomcat). Problem arises when I have
a hyperlink in the body of an email that access a servlet in the same
webapp, where the hyperlink url is in the form
http://www.myhost.com/myApp/goToServlet/S325/http%3A%2F%2Fwww.abc.com
where I will get a 404 not found page returned by Apache when clicked. I
have monitored the mod_jk logs and the Tomcat logs and I am sure nothing
gets passed on when the above URL is being requested. I have done further
tests and foud that if I include anything with %3A%2F%2F (://) as part of
the path in the URI, then mod_jk will not forward.
Any pointers as to where I have gone wrong and is this a security design on
mod_jk's part? Have googled around for 2 days without much luck.
As a control test, I tried accessing the page directly with Tomcat using
http://www.myhost.com:8080/myApp/goToPage/S325/http%3A%2F%2Fwww.abc.com, it
will correctly as intended.
Here is my mod_jk config in httpd.conf
JkWorkersFile /usr/local/apache2/conf/extra/workers.properties
JkLogFile "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/mod_jk.log
86400"
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURIProxy -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkShmFile /var/log/httpd/jk.shm
JkShmSize 256
[below is contained within a VirtualHost directive ...]
JkMount /myApp/* w2
Incidentally, for the JkOption, I have tried using ForwardURIProxy,
ForwardURICompat, ForwardURICompatUnparsed and ForwardURIEscaped to no
avail.
I am running Apache 2.2.8 and Tomcat 5.5.26 with mod_jk 1.2.26 on Ubuntu
6.06
Many thanks for your help
James
--
View this message in context: http://www.nabble.com/mod_jk-not-forwarding-URI-with-escaped-protocol-string-to-Tomcat-tp19141501p19141501.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: mod_jk not forwarding URI with escaped protocol string to
Tomcat
Posted by tsaojk <ja...@interbiztech.com>.
Dear Rainer
Thanks for the reply.
Added "AllowEncodedSlashes On" and the problem with URI forwarding to Tomcat
now resolved. I had to include within the VirtualHost directive though as I
originally tried including it at the global level but did not seem to work.
Applied your tips on mod_jk configuraiton as well.
Much appreciated, take care
James
--
View this message in context: http://www.nabble.com/mod_jk-not-forwarding-URI-with-escaped-protocol-string-to-Tomcat-tp19141501p19148191.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: mod_jk not forwarding URI with escaped protocol string to Tomcat
Posted by Rainer Jung <ra...@kippdata.de>.
Hi James,
tsaojk schrieb:
> Hi Folks,
>
> I am experiencing an rather odd issue with mod_jk not forwarding from Apache
> to Tomcat for my web application. Basically, I have configured mod_jk to
> forward everything under a webapp to Tomcat and things are working fine for
> 'regular' URI's
>
> e.g. http://www.myhost.com/myApp/loginServletMapping
>
> will work fine (request is forwarded to Tomcat). Problem arises when I have
> a hyperlink in the body of an email that access a servlet in the same
> webapp, where the hyperlink url is in the form
>
> http://www.myhost.com/myApp/goToServlet/S325/http%3A%2F%2Fwww.abc.com
>
> where I will get a 404 not found page returned by Apache when clicked. I
> have monitored the mod_jk logs and the Tomcat logs and I am sure nothing
> gets passed on when the above URL is being requested. I have done further
> tests and foud that if I include anything with %3A%2F%2F (://) as part of
> the path in the URI, then mod_jk will not forward.
>
> Any pointers as to where I have gone wrong and is this a security design on
> mod_jk's part? Have googled around for 2 days without much luck.
>
> As a control test, I tried accessing the page directly with Tomcat using
> http://www.myhost.com:8080/myApp/goToPage/S325/http%3A%2F%2Fwww.abc.com, it
> will correctly as intended.
See
http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes
> Here is my mod_jk config in httpd.conf
>
> JkWorkersFile /usr/local/apache2/conf/extra/workers.properties
> JkLogFile "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/mod_jk.log
> 86400"
> JkLogLevel error
"info" gives sometimes helpful additional information, whenever errors
occur. As long as only info output occurs, everything is fine.
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
Drop it, Default is usually better, e.g. contains milliseconds.
> JkOptions +ForwardKeySize +ForwardURIProxy -ForwardDirectories
See below.
> JkRequestLogFormat "%w %V %T"
You should include you JK access log in the usual access log using the
JK notes entries. See "mod_log_config" on page
http://tomcat.apache.org/connectors-doc/reference/apache.html.
> JkShmFile /var/log/httpd/jk.shm
> JkShmSize 256
>
> [below is contained within a VirtualHost directive ...]
>
> JkMount /myApp/* w2
>
> Incidentally, for the JkOption, I have tried using ForwardURIProxy,
> ForwardURICompat, ForwardURICompatUnparsed and ForwardURIEscaped to no
> avail.
Default should be fine for 1.2.26.
> I am running Apache 2.2.8 and Tomcat 5.5.26 with mod_jk 1.2.26 on Ubuntu
> 6.06
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org