Strange Problem with POST + mod_jk

Not quite sure if this needs to wind up in this group or the Tomcat list since it kind of involves both.  I'm fairly sure it involves an Apache misconfig, so thought I'd start here.

We've got an Apache facing the Internet with some Java app servers (both JBoss and Tomcat), pretty standard thing.  It's got the jk status worker locked down to only the internal IP addresses as usual.  That much seems to work fine.  The weirdness is that if you do a "blank" POST to the root context in the Apache it returns the jk status page *regardless of where you are*.

So for instance, let's say my external site is http://baseco.com.  If I've got the status worker mounted as /status, then http://baseco.com/status is correctly *not* reachable from the outside (403 denied) and correctly *is* reachable from the inside.

However, if I do a POST of blank lines:

POST / HTTP/1.0
Host:baseco.com


(there are two carriage returns here)

It acts as though you made a call to http://baseco.com/status (in the contents, not the URL).

Not sure what all parts of the config to include, but this is the general outline

------------------------------
DirectoryIndex index.html index.html.var

<Directory />
    Options FollowSymLinks
    AllowOverride None
    <Limit GET POST HEAD>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST HEAD>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

JkMount /status mystatus
<Location /status>
    JkMount mystatus
    Order allow,deny
    Allow from all
    Deny from xx.yy.zz aa.bb.cc (subnets for external-facing firewalls)
</Location>
<VirtualHost externalip:external port>

</VirtualHost>
--------------------------------------

Then the really strange (to me) follow-up is that it seems to be related to not having anything for an index page in the DocumentRoot directory (even though we're blocking access to /).  As soon as you put an index.html file out there in the DocumentRoot (even with just a blank line in it) the problem goes away.

I'm trying to figure out how a request for / can "become" a call to /status.  Any ideas?  I'm guessing it's something subtle about the config and not an actual bug.
