Re: websocket header not passing along with ProxyPass and mod_headers

Hi Rainer, hi Mark,

Quoting Rainer Jung <rainer.jung@xxxxxxxxxxx>:
Hi Mark,

On 08.02.2018 at 16:49, Mark Nenadov wrote:
Hello, I have an operational setup where Apache httpd is proxying secure websockets traffic to an Apache Tomcat server. In other words, I'm using ProxyPass to pass traffic along to a WSS url.

I'm now having some issues trying to throw mod_headers into the mix. I'm attempting to manipulate the "Upgrade" header like so in my Apache httpd Virtual Host:

<LocationMatch "/somewhere">
  RequestHeader set Upgrade websocket
  ProxyPass wss://192.168.1.77/some_url_on_tomcat
</LocationMatch>

So, supposing the client sends something funky for Upgrade like "WebSocket" (as an older version of a certain websocket library does), this RequestHeader directive should, by my understanding, replace it with "websocket".

However, when I place %{Upgrade}i in both my Apache httpd and Apache Tomcat access logs, I'm finding that the modified Upgrade header appears only in my httpd access logs, Tomcat says it is getting the original unmodified value!

This is rather perplexing to me as my understanding is that RequestHeader should permanently alter that request header. The Tomcat setup I have is very straightforward and there should be no surprises there.

I've tried changing my RequestHeader usage to do an unset and add. I've also tried adding the "early" directive to the end of RequestHeader, but that does not alter the behavior.

It sure seems like the problem is with how Apache httpd is passing things along somehow, but my research hasn't come up with an answer that explains it or offers a resolution. Am I missing something here?

Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24

You are probably proxying with mod_proxy_wstunnel. It seems to me that "Upgrade: WebSocket" is hard-coded in that module.

According to the docs, you can actually specify the protocol:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html :

"In fact the module can be used to upgrade to other protocols, you can set the upgrade parameter in the ProxyPass directive to allow the module to accept other protocol."

From https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass :

"Parameter "upgrade", default "WebSocket": Protocol accepted in the Upgrade header by mod_proxy_wstunnel. See the documentation of this module for more details."

So maybe setting "upgrade=websocket" as a ProxyPass parameter might already achieve what Mark is looking for?

Regards
Jens

