Hello all,
We are having a problem where very occasionally rather than displaying a page a "save as " security window pops up.
It seems a very similar problem to http://osdir.com/ml/httpd-apache/2009-02/msg00660.html and
http://www1.il.squid-cache.org/mail-archive/squid-users/200712/0206.html which implies the header is sometimes getting
corrupt or lost and the browser is not recognising it as a compressed object and/or getting the old compressed version from local disk. The browser doesn't know what sort of a file it is hence the "save As" popup.
Corrupt headers does get mentioned in 2.2.15 PR 48359 but no idea whether its relevant or not.
We are using Apache, mod_proxy_ajp, mod_deflate and jboss sat on Redhat servers behind a Cisco Css load balancer
with session affinity set via arrowpoint cookies & SSL terminated at the CSS. Hopefully relevant config and versions below.
This is what we are seeing.
Successful example:
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2011 07:51:10 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP03 (build: SVNTag=JBPAPP_4_3_0_GA_CP03 date=200810241616)/JBossWeb-2.0
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-GB
Vary: User-Agent,Accept-Encoding
Content-Length: 16798
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml"; lang="en-GB" xml:lang="en-GB">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1" />
<base href="https://learning.learndirect.co.uk/laser/"; />
<title> . . .
etc . . . .
Unsuccessful example of the same page:
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2011 07:51:17 GMT
Vary: User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 4319
Then comes encrypted data . . .
The explanation of what is happening seems to make sense but no idea why the headers might be getting corrupt or lost. Any help or pointers would be much appreciated. More than happy to provide any info I've missed that
might be useful.
Many thanks
Andy Newsome
Email: anewsome@xxxxxxx
Server version: Apache/2.2.11 (Unix)
Red Hat Enterprise Linux Server release 5.1 (Tikanga)
JOboss: jboss-eap-4.3-CP03
Apache configuration:
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPreserveHost On
ProxyDomain .xxxx.co.uk
<VirtualHost *:80>
ServerName xxx.xxxx.co.uk
ServerAlias laser-vip
DocumentRoot /xxx/static/laser
RewriteEngine On
RewriteRule ^$ https://xxx.xxx.co.uk/laser/
Include conf.d/xxx_static.cnf
# Over AJP to local JBoss
<Location /laser>
ProxyPass ajp://jboss-ip:8009/laser
ProxyPassReverse ajp://jboss-ip:8009/laser
</Location>
<Location /player>
ProxyPass ajp://jboss-ip:8009/player
ProxyPassReverse ajp://jboss-ip:8009/player
</Location>
</VirtualHost>
Mod_deflate configuration:
# Deflate configuration
<Location />
# Insert filter
# SetOutputFilter DEFLATE
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images. There is no advantage on doing so as they are already
# using their own compression methods and it can increase considerably the load
# on apache. Same for already compressed formats
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.avi$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mov$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mp3$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mp4$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.rm$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.swf$ no-gzip dont-vary
SetEnvIfNoCase Content-Type "application/pdf" no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content. Important as
# we use mod_proxy + mod_jk
Header append Vary User-Agent env=!dont-vary
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript
application/javascript text/x-csv
</Location>
Additional config:
#
# This file is not loaded automatically, it's included by the virtual host
# with include conf.d/ufi_static.cnf
#
#RewriteEngine On
#RewriteLog /tmp/rewrite.log
#RewriteLogLevel 9
# If we have static files on /???/static/[container] apache will serve them instead
# of passing the request to JBoss
RewriteCond /???/static/%{REQUEST_URI} -f
RewriteRule ^/(arc|laser|FMIDashboard)/(.*)\.(js|css|gif|jpe?g|png)$ /???/static/$1/$2\.$3 [L]
<LocationMatch "^/(laser)/">
# expiration
ExpiresActive On
ExpiresByType text/css "access plus 15 days"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType application/x-javascript "access plus 15 days"
ExpiresByType text/javascript "access plus 15 days"
</LocationMatch>
<Directory /???/static>
# Enable eTAG
FileETag MTime Size
</Directory>
########################################################
<IfModule mod_deflate.c>
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
</IfModule>
______________________________________________________________________
Ufi Limited
Registered in England No. 3980770
Registered Office: Dearing House,
1 Young Street,
Sheffield, S1 4UP
This email has been scanned by the Symantec Email Security.cloud service.
______________________________________________________________________
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|