You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by tsaojk <ja...@interbiztech.com> on 2008/08/25 12:47:09 UTC

mod_jk not forwarding URI with escaped protocol string to Tomcat

Hi Folks, 

I am experiencing an rather odd issue with mod_jk not forwarding from Apache
to Tomcat for my web application. Basically, I have configured mod_jk to
forward everything under a webapp to Tomcat and things are working fine for
'regular' URI's

e.g. http://www.myhost.com/myApp/loginServletMapping

will work fine (request is forwarded to Tomcat). Problem arises when I have
a hyperlink in the body of an email that access a servlet in the same
webapp, where the hyperlink url is in the form

http://www.myhost.com/myApp/goToServlet/S325/http%3A%2F%2Fwww.abc.com

where I will get a 404 not found page returned by Apache when clicked. I
have monitored the mod_jk logs and the Tomcat logs and I am sure nothing
gets passed on when the above URL is being requested. I have done further
tests and foud that if I include anything with %3A%2F%2F (://) as part of
the path in the URI, then mod_jk will not forward.

Any pointers as to where I have gone wrong and is this a security design on
mod_jk's part? Have googled around for 2 days without much luck.

As a control test, I tried accessing the page directly with Tomcat using
http://www.myhost.com:8080/myApp/goToPage/S325/http%3A%2F%2Fwww.abc.com, it
will correctly as intended.

Here is my mod_jk config in httpd.conf

JkWorkersFile /usr/local/apache2/conf/extra/workers.properties
JkLogFile     "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/mod_jk.log
86400"
JkLogLevel    error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions     +ForwardKeySize +ForwardURIProxy -ForwardDirectories
JkRequestLogFormat     "%w %V %T"
JkShmFile    /var/log/httpd/jk.shm
JkShmSize    256

[below is contained within a VirtualHost directive ...]

JkMount /myApp/* w2

Incidentally, for the JkOption, I have tried using ForwardURIProxy,
ForwardURICompat, ForwardURICompatUnparsed and ForwardURIEscaped to no
avail.

I am running Apache 2.2.8 and Tomcat 5.5.26 with mod_jk 1.2.26 on Ubuntu
6.06

Many thanks for your help
James
-- 
View this message in context: http://www.nabble.com/mod_jk-not-forwarding-URI-with-escaped-protocol-string-to-Tomcat-tp19141501p19141501.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: mod_jk not forwarding URI with escaped protocol string to Tomcat

Posted by tsaojk <ja...@interbiztech.com>.

Dear Rainer

Thanks for the reply.

Added "AllowEncodedSlashes On" and the problem with URI forwarding to Tomcat
now resolved. I had to include within the VirtualHost directive though as I
originally tried including it at the global level but did not seem to work.

Applied your tips on mod_jk configuraiton as well.

Much appreciated, take care

James

-- 
View this message in context: http://www.nabble.com/mod_jk-not-forwarding-URI-with-escaped-protocol-string-to-Tomcat-tp19141501p19148191.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: mod_jk not forwarding URI with escaped protocol string to Tomcat

Posted by Rainer Jung <ra...@kippdata.de>.

Hi James,

tsaojk schrieb:
> Hi Folks, 
> 
> I am experiencing an rather odd issue with mod_jk not forwarding from Apache
> to Tomcat for my web application. Basically, I have configured mod_jk to
> forward everything under a webapp to Tomcat and things are working fine for
> 'regular' URI's
> 
> e.g. http://www.myhost.com/myApp/loginServletMapping
> 
> will work fine (request is forwarded to Tomcat). Problem arises when I have
> a hyperlink in the body of an email that access a servlet in the same
> webapp, where the hyperlink url is in the form
> 
> http://www.myhost.com/myApp/goToServlet/S325/http%3A%2F%2Fwww.abc.com
> 
> where I will get a 404 not found page returned by Apache when clicked. I
> have monitored the mod_jk logs and the Tomcat logs and I am sure nothing
> gets passed on when the above URL is being requested. I have done further
> tests and foud that if I include anything with %3A%2F%2F (://) as part of
> the path in the URI, then mod_jk will not forward.
> 
> Any pointers as to where I have gone wrong and is this a security design on
> mod_jk's part? Have googled around for 2 days without much luck.
> 
> As a control test, I tried accessing the page directly with Tomcat using
> http://www.myhost.com:8080/myApp/goToPage/S325/http%3A%2F%2Fwww.abc.com, it
> will correctly as intended.

See

http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes

> Here is my mod_jk config in httpd.conf
> 
> JkWorkersFile /usr/local/apache2/conf/extra/workers.properties
> JkLogFile     "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/mod_jk.log
> 86400"
> JkLogLevel    error

"info" gives sometimes helpful additional information, whenever errors
occur. As long as only info output occurs, everything is fine.

> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

Drop it, Default is usually better, e.g. contains milliseconds.

> JkOptions     +ForwardKeySize +ForwardURIProxy -ForwardDirectories

See below.

> JkRequestLogFormat     "%w %V %T"

You should include you JK access log in the usual access log using the
JK notes entries. See "mod_log_config" on page
http://tomcat.apache.org/connectors-doc/reference/apache.html.

> JkShmFile    /var/log/httpd/jk.shm
> JkShmSize    256
> 
> [below is contained within a VirtualHost directive ...]
> 
> JkMount /myApp/* w2
> 
> Incidentally, for the JkOption, I have tried using ForwardURIProxy,
> ForwardURICompat, ForwardURICompatUnparsed and ForwardURIEscaped to no
> avail.

Default should be fine for 1.2.26.

> I am running Apache 2.2.8 and Tomcat 5.5.26 with mod_jk 1.2.26 on Ubuntu
> 6.06

Regards,

Rainer


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org