You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Mark Nenadov <ma...@gmail.com> on 2018/02/08 15:49:27 UTC

[users@httpd] websocket header not passing a long with ProxyPass and mod_headers

Hello, I have an operational setup where Apache httpd is proxying secure
websockets traffic to an Apache Tomcat server. In other words, I'm using
ProxyPass to pass traffic along to a WSS url.

I'm now having some issues trying to throw mod_headers into the mix. I'm
attempting to manipulate the "Upgrade" header like so in my Apache httpd
Virtual Host:

< LocationMatch "/somewhere" >
  RequestHeader set Upgrade websocket
  ProxyPass wss://192.168.1.77/some_url_on_tomcat
< / LocationMatch >

So, supposing the client sends something funky for Upgrade like "WebSocket"
(as an older version of a certain websocket library does), this
RequestHeader directive should, by my understanding, replace it with
"websocket".

However, when I place %{Upgrade}i in both my Apache httpd and Apache Tomcat
access logs, I'm finding that the modified Upgrade header appears only in
my httpd access logs, Tomcat says it is getting the original unmodified
value!

This is rather perplexing to me as my understanding is that RequestHeader
should permanently alter that request header. The Tomcat setup I have is
very straightforward and there should be no surprises there.

I've tried changing my RequestHeader usage to do an unset and add I've also
tried adding the "early" directive to the end of RequestHeader, but that
does not alter the behavior.

It sure seems like the problem is with how Apache httpd is passing things
along somehow, but my research hasn't come up with an answer that explains
it or offers a resolution. Am I missing something here?

Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24

Many thanks,
~Mark

Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers

Posted by "Jens-U. Mozdzen" <jm...@nde.ag>.

Hi Rainer, hi Mark,

Zitat von Rainer Jung <ra...@kippdata.de>:
> Hi Mark,
>
> Am 08.02.2018 um 16:49 schrieb Mark Nenadov:
>> Hello, I have an operational setup where Apache httpd is proxying  
>> secure websockets traffic to an Apache Tomcat server. In other  
>> words, I'm using ProxyPass to pass traffic along to a WSS url.
>>
>> I'm now having some issues trying to throw mod_headers into the  
>> mix. I'm attempting to manipulate the "Upgrade" header like so in  
>> my Apache httpd Virtual Host:
>>
>> < LocationMatch "/somewhere" >
>>   RequestHeader set Upgrade websocket
>>   ProxyPass wss://192.168.1.77/some_url_on_tomcat  
>> <http://192.168.1.77/some_url_on_tomcat>
>> < / LocationMatch >
>>
>> So, supposing the client sends something funky for Upgrade like  
>> "WebSocket" (as an older version of a certain websocket library  
>> does), this RequestHeader directive should, by my understanding,  
>> replace it with "websocket".
>>
>> However, when I place %{Upgrade}i in both my Apache httpd and  
>> Apache Tomcat access logs, I'm finding that the modified Upgrade  
>> header appears only in my httpd access logs, Tomcat says it is  
>> getting the original unmodified value!
>>
>> This is rather perplexing to me as my understanding is that  
>> RequestHeader should permanently alter that request header. The  
>> Tomcat setup I have is very straightforward and there should be no  
>> surprises there.
>>
>> I've tried changing my RequestHeader usage to do an unset and add  
>> I've also tried adding the "early" directive to the end of  
>> RequestHeader, but that does not alter the behavior.
>>
>> It sure seems like the problem is with how Apache httpd is passing  
>> things along somehow, but my research hasn't come up with an answer  
>> that explains it or offers a resolution. Am I missing something here?
>>
>> Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24
>
> You are probably proxying with mod_proxy_wstunnel. It seems to me  
> that "Upgrade: WebSocket" is hard-coded in that module.

according to the docs, you can actually specify the protocol:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html :

"In fact the module can be used to upgrade to other protocols, you can  
set the upgrade parameter in the ProxyPass directive to allow the  
module to accept other protocol."

 From https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass :

"Parameter "upgrade", default "WebSocket": Protocol accepted in the  
Upgrade header by mod_proxy_wstunnel. See the documentation of this  
module for more details."

So maybe setting "upgrade=websocket" as a ProxyPass parameter might  
already achieve what Mark is looking for?

Regards
Jens


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers

Posted by Rainer Jung <ra...@kippdata.de>.

Hi Mark,

Am 08.02.2018 um 16:49 schrieb Mark Nenadov:
> Hello, I have an operational setup where Apache httpd is proxying secure 
> websockets traffic to an Apache Tomcat server. In other words, I'm using 
> ProxyPass to pass traffic along to a WSS url.
> 
> I'm now having some issues trying to throw mod_headers into the mix. I'm 
> attempting to manipulate the "Upgrade" header like so in my Apache httpd 
> Virtual Host:
> 
> < LocationMatch "/somewhere" >
>    RequestHeader set Upgrade websocket
>    ProxyPass wss://192.168.1.77/some_url_on_tomcat 
> <http://192.168.1.77/some_url_on_tomcat>
> < / LocationMatch >
> 
> So, supposing the client sends something funky for Upgrade like 
> "WebSocket" (as an older version of a certain websocket library does), 
> this RequestHeader directive should, by my understanding, replace it 
> with "websocket".
> 
> However, when I place %{Upgrade}i in both my Apache httpd and Apache 
> Tomcat access logs, I'm finding that the modified Upgrade header appears 
> only in my httpd access logs, Tomcat says it is getting the original 
> unmodified value!
> 
> This is rather perplexing to me as my understanding is that 
> RequestHeader should permanently alter that request header. The Tomcat 
> setup I have is very straightforward and there should be no surprises there.
> 
> I've tried changing my RequestHeader usage to do an unset and add I've 
> also tried adding the "early" directive to the end of RequestHeader, but 
> that does not alter the behavior.
> 
> It sure seems like the problem is with how Apache httpd is passing 
> things along somehow, but my research hasn't come up with an answer that 
> explains it or offers a resolution. Am I missing something here?
> 
> Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24

You are probably proxying with mod_proxy_wstunnel. It seems to me that 
"Upgrade: WebSocket" is hard-coded in that module.

Regards,

Rainer


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org