Fmota Tech

Hello,

we’ve a web service that receives SOAP RPC-encoded xml requests on HTTP through axis and tomcat 5.5.

We’d like to log every xml rq we receive using a Filter, because we’ve to write the xml to a file whose name depends on the xml request.

The problem is that one can call SevletRequest.getReader once.

So we extended

HttpServletRequestWrapper

with the class in attachment, to read the request body once in a string and then to wrap the getReader method. Then we create a “clone” of the request we receive in the filter

Is this a good way or there’s another standard way to read HTTP request body in a Filter?

Should we implement an axis handler?

Many many thanks in advance

Best regards

Bartolomeo

Hi All,

We have a hardware load balancer terminating SSL requests before making a plain-text connection with Tomcat. So that all contexts are aware that the request is actually a secure request, we have implemented the RemoteIpValve with a LB injected header. This works well for our apps. However, we have noticed that there is some processing of the request happening within the connector, before the valves are processed. In particular, the redirecting to URLs with a trailing slash. Because this processing is occurring before the valves are processed the Connector still thinks that the original request was a non-secure one, even though it was not. The result is that requests to https://domain.name/context are redirected to http://domain.name/context/ instead of to https://domain.name/context/. This is not major, because our LB then redirects from http://domain.name/context/ to https://domain.name/context/ and all is good (except for the extra redirect).

I can’t find any documentation on the order of events for the Connector, so I’m not sure what other decisions get made based on the request attributes, but assume there are others.

Is there another solution to handling proxied SSL requests so that Catalina as well as our apps are aware that the requests are secure??? One possibility is to have two Connectors (1 using the secure, scheme and serverPort attributes for secure and 1 for non-secure) and have the LB connect to the appropriate Connector depending on the request. But this effectively doubles the amount of config needed to be managed (2nd set of config for LB + 2nd connector), which is considerable when dealing with 6 TC clusters each with their own set of LB config.

Should I lodge an enhancement request for the Connector to become aware of proxied SSL requests (perhaps via an injected x-forwarded-proto header, ala WebLogic)?

Cheers,

Matt.

Hi,

I need to change the returned status and the location header of a response:

From To 302 -> 200 Location: somewhere->somewhere else

How can I do that with Apache HTTPD? Do I need some module?

Thanks, Julio

Sure:

java version “1.5.0_08″ Solaris 10 x86 Servlet Engine: Apache Tomcat/5.5.17

The connector is setup like so:

I’m testing with a JMeter SOAP request, which has keepalive turned on, then using wireshark to count packets, and comparing 5.5 to 6.

Thanks, Dan

Actually I am able to get the X-Forwarded-For fields on servers which are running Ubuntu and I have done same configuration on them. In CentOS I am not able to get them.With same configuration.

On Thu, Jun 3, 2010 at 11:08 PM, Emmanuel Bailleul wrote:

Hello,

I would like to have an http request received by an Apache 2.2 server executed (with the data served to the client), and resent to another server. The second server would then execute the request but would not serve any data back, or the first server would just ignore the answer.

Any idea if I can implement such a setup with Apache 2.2? Or maybe Apache is not appropriate here.

thank you

Hi William,

I reckon it should be mod_cgi, the CGI library I use is called “GNU CGI Library in C, v0.9.5″ which has been maintained for many years.

The function below is the way the CGI init and open the stream.

gcgiReturnType initCgi( ) { * /* Dup stdout to gcgiOut */* * gcgifd = dup(fileno(stdout));* * gcgiOut = fdopen(gcgifd, “w”);* . .

}

Then, free the resource but I didn’t see it close the file descriptor. It duplicate the standard output, is that the reason that don’t have to close it? I’ve tried to close the stdout, stderr, gcgiOut, stdin, but that didn’t work.

void freeCgi( ) { freeCgiQuery();

if (envVariablesFile != NULL) XFREE(envVariablesFile); if (cgiQueryFile != NULL) XFREE(cgiQueryFile); }

Thanks,

Best regards, honercek

On Fri, May 28, 2010 at 12:26 PM, William A. Rowe Jr. wrote:

On 5/26/2010 8:24 AM, Chen Chien-Yu wrote:

If the CGI closes the stream (EOF) then everything should still work out alright. How do you handle the CGI within httpd? mod_cgi, mod_cgid, or with mod_fcgid? Or with some other module?

Hi,

I encountered a problem after upgrading Apache to 2.2.15. The client will be stuck and load infinitely via the HTTP protocol, but it worked correctly in 2.0.55 before I upgraded.

I tried to sniffer the packet, and found 1. If the page size is larger, most of the page and http header will be received in the client but the last chunk won’t be sent out from the Apache. 2. If the page size is small, the client only can see the http header.

It seems that some packets are queued in the Apache, ..?! I describe the process as below, 1. Client send http request to the server, http://myhost/web.cgi, the cgi is implemented in GNU CGI which has been dead since 2002. 2. web.cgi fetches the login.html file and sends back to the client. 3. The client gets stuck…

There are some things weird: 1. When I remove the directive “Listen 443″ or “Keepalive On”, then the HTTP can work correctly via “Listen 80″ without stall. 2. If both the “Listen 443″ and “Listen 80″ are enabled, only the HTTPS can work. HTTP will have the problem I just mentioned.

Do you guys have any idea about my problem? Why the behavior of dealing with output file is different between HTTP and HTTPS protocol?

My Apache configuration

ServerRoot “/usr/local/apache” ServerName localhost PidFile /var/run/httpd.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 StartServers 5 MinSpareServers 5 MaxSpareServers 20 ServerLimit 20000 MaxClients 41 MaxRequestsPerChild 10000 NumServers 5 StartThreads 5 MinSpareThreads 5 MaxSpareThreads 10 MaxThreadsPerChild 20 Listen 80 User www Group www ServerAdmin you@example.com UseCanonicalName Off DocumentRoot “/usr/local/apache/htdocs” ” Options FollowSymLinks ExecCGI AllowOverride none Order allow,deny Allow from all UserDir diabled ErrorLog /var/log/error_log LogLevel warn ” AllowOverride None Options None Order allow,deny Allow from all TypesConfig conf/mime.types DefaultType text/plain MIMEMagicFile conf/magic DirectoryIndex web.cgi

AddHandler cgi-script .cgi HostnameLookups Off

ServerTokens Full ServerSignature On ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

BrowserMatch “Mozilla/2″ nokeepalive BrowserMatch “MSIE 4.0b2;” nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch “RealPlayer 4.0″ force-response-1.0 BrowserMatch “Java/1.0″ force-response-1.0 BrowserMatch “JDK/1.0″ force-response-1.0 BrowserMatch “Microsoft Data Access Internet Publishing Provider” redirect-caref BrowserMatch “^WebDrive” redirect-carefully BrowserMatch “^WebDAVFS/1.[012]” redirect-carefully BrowserMatch “^gnome-vfs” redirect-carefully

Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/log/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/log/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLCryptoDevice cryptodev DocumentRoot “/usr/local/apache/htdocs” ServerName www.example.com ServerAdmin you@example.com ErrorLog /var/log/error_log TransferLog /var/log/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:-RC4:+AES:+DES:+3DES:+RSA:-RC2:-IDEA:+HIGH:+ME SSLCertificateFile /etc/cert/default SSLCertificateKeyFile /etc/cert/default.prv SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

Thanks in advance.

Best regards honercek

On Tue, May 25, 2010 at 7:18 PM, Baljeet Nijjhar wrote:

You have the answer to your question itself. If the thing works on IE 7 and not on IE 6, its 100% due to the weird bugs in IE 6. I don’t know the fixes to it, wait for some others to answer. I suggest you stop supporting IE 6 now.