Reverse Proxy trouble with mod_substitute

[Maarten Boekhold <boekhold@xxxxxxx>]

Hi all,

Apache HTTPD 2.4.34 on Windows 10 downloaded from Apache Haus.

I'm trying to move a corporate application behind a reverse proxy. In
the process, I need to move the path this application is published on, eg:

/webapp1 --> /suite/webapp1

"webapp1" contains a specific JSP that returns an HTML page with a lot
of JavaScript inside, which hardcodes an absolute path "/service1". I
need to move that one as well to under the external "/suite/service1" path.

The GET /webapp1/the.jsp request has the following headers:

    GET /webapp1/the.jsp HTTP/1.1
    Accept: image/gif, image/jpeg, image/pjpeg,
application/x-ms-application, application/xaml+xml,
application/x-ms-xbap, */*
    Referer: <redacted>
    Accept-Language: en-US
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0;
WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; Tablet PC 2.0)
    Accept-Encoding: gzip, deflate
    Host: <redacted>
    Connection: Keep-Alive
    Cookie: JSESSIONID=24B3D3B40235B8E889A5F019081AAB41

The response (non-proxied) has the following headers

    HTTP/1.1 200
    Strict-Transport-Security: max-age=31536000;includeSubDomains
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Content-Type: text/html;charset=ISO-8859-1
    Transfer-Encoding: chunked
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Date: Tue, 04 Sep 2018 06:52:12 GMT
    Server: <redacted>

I've set up the following in httpd.conf:

    FilterDeclare INFLATE_HTML CONTENT_SET
    FilterProvider INFLATE_HTML INFLATE "%{CONTENT_TYPE} =~ m|^text/html|"
    FilterProtocol INFLATE_HTML change=yes
    FilterTrace INFLATE_HTML 1

    FilterDeclare DEFLATE_HTML
    FilterProvider DEFLATE_HTML DEFLATE "%{CONTENT_TYPE} =~ m|^text/html|"
    FilterProtocol DEFLATE_HTML change=yes
    FilterTrace DEFLATE_HTML 1

    FilterDeclare SUBST_HTML
    FilterProvider SUBST_HTML SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/html|"
    FilterTrace SUBST_HTML 1

    <Location "/suite/webapp1/the.jsp">
        FilterChain +INFLATE_HTML +SUBST_HTML +DEFLATE_HTML

        ProxyPass ${internal}/webapp1/the.jsp
        ProxyPassReverse ${internal}/webapp1/the.jsp

        Substitute s|/service1|/suite/service1|n
    </Location>

This doesn't work. I can see the request being forwarded to the internal
application server, which executes successfully and responds with 200,
but something inside HTTPD doesn't work, and it ends up at the browser
with a 504 and no data (looking at this with Fiddler).

The HTTPD error.log file contains:


[Tue Sep 04 10:24:41.036087 2018] [proxy:trace1] [pid 452:tid 1352]
mod_proxy.c(766): [client 192.168.1.12:50120] AH03464: URI path
'/suite/webapp1/the.jsp' matches proxy handler
'proxy:https://internal/webapp1/the.jsp', referer: <redacted>
[Tue Sep 04 10:24:41.036087 2018] [proxy:trace2] [pid 452:tid 1352]
proxy_util.c(2106): [client 192.168.1.12:50120] https: found worker
<redacted> for <redacted>/webapp1/the.jsp, referer: <redacted>
[Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
mod_proxy.c(1246): [client 192.168.1.12:50120] AH01143: Running scheme
https handler (attempt 0), referer: <redacted>
[Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(2300): AH00942: HTTPS: has acquired connection for (<redacted>)
[Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(2354): [client 192.168.1.12:50120] AH00944: connecting
<redacted>/webapp1/the.jsp to <redacted>, referer: <redacted>
[Tue Sep 04 10:24:41.043101 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(2563): [client 192.168.1.12:50120] AH00947: connected
/webapp1/the.jsp to <redacted>, referer: <redacted>
[Tue Sep 04 10:24:41.043101 2018] [proxy:trace2] [pid 452:tid 1352]
proxy_util.c(2997): HTTPS: fam 2 socket created to connect to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1296]
proxy_util.c(3029): AH02824: HTTPS: connection established with <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1296]
proxy_util.c(3199): AH00962: HTTPS: connection complete to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [ssl:info] [pid 452:tid 1296] [remote
10.17.0.65:7230] AH01964: Connection to child 0 established (server
localhost:444)
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1280]
proxy_util.c(3029): AH02824: HTTPS: connection established with <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1280]
proxy_util.c(3199): AH00962: HTTPS: connection complete to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [ssl:info] [pid 452:tid 1280] [remote
10.17.0.65:7230] AH01964: Connection to child 0 established (server
localhost:444)
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(3029): AH02824: HTTPS: connection established with <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(3199): AH00962: HTTPS: connection complete to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [ssl:info] [pid 452:tid 1352] [remote
10.17.0.65:7230] AH01964: Connection to child 0 established (server
localhost:444)
[Tue Sep 04 10:24:41.065164 2018] [proxy:debug] [pid 452:tid 1280]
proxy_util.c(2315): AH00943: https: has released connection for (<redacted>)
[Tue Sep 04 10:24:41.066183 2018] [proxy:debug] [pid 452:tid 1296]
proxy_util.c(2315): AH00943: https: has released connection for (<redacted>)
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: SUBST_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: SUBST_HTML: type:
TRANSIENT, length: 10
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: SUBST_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: SUBST_HTML: type:
TRANSIENT, length: 512
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: DEFLATE_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 187
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 229
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 49
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 37
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: INFLATE_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 187
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 229
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 49
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 37

(this might contain a few lines related to other requests as well).

I tried as well with "AddOutputFilterByType INFLATE:SUBSTITUTE:DEFLATE
text.html", doesn't work either.

Does anybody have any idea what I'm doing wrong?

Regards, Maarten



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx