Re: Reverse Proxy trouble with mod_substitute

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The proxy response input is dechunked as it is retrieved from the back end. Any chunking to the client is introduced by httpd after filtering.

It may be that the request deflate and inflate filters have comingled a zlib stream context?

On Tue, Sep 4, 2018, 12:43 Maarten Boekhold <boekhold@xxxxxxx> wrote:
Hi,

But I did try to inflate/rewrite/deflate in my first email... It just didn't work. I suspect something failed because the data was chunked...

Maarten

On September 4, 2018 20:20:18 "Gillis J. de Nijs" <gillis@xxxxxxxx.INVALID> wrote:

Yes, it is.  You can't rewrite something that's gzipped, so you'd have to unzip it first, or - like you did - never have it gzipped in the first place.

See also http://www.apachetutor.org/admin/reverseproxies where there's a full reverse proxy scenario configured and explained.  It uses the same technique you did, and alternatively suggests you can deflate, rewrite, inflate, if you so desire.

Regards,
Gillis

On Tue, Sep 4, 2018 at 3:19 PM, Maarten Boekhold <boekhold@xxxxxxx> wrote:
Hi all,

I decided to force HTTPD to remove the Accept-Encoding: gzip, deflate from the request, using:

RequestHeader unset Accept-Encoding

Now the response is properly processed by HTTPD. So it's likely an issue with one or both of:

Content-Encoding: gzip
Transfer-Encoding: chunked

Is this a known limitation?

Regards, Maarten



On 09/04/2018 11:53 AM, Maarten Boekhold wrote:
Hi all,

Apache HTTPD 2.4.34 on Windows 10 downloaded from Apache Haus.

I'm trying to move a corporate application behind a reverse proxy. In
the process, I need to move the path this application is published on, eg:

/webapp1 --> /suite/webapp1

"webapp1" contains a specific JSP that returns an HTML page with a lot
of _javascript_ inside, which hardcodes an absolute path "/service1". I
need to move that one as well to under the external "/suite/service1" path.

The GET /webapp1/the.jsp request has the following headers:

     GET /webapp1/the.jsp HTTP/1.1
     Accept: image/gif, image/jpeg, image/pjpeg,
application/x-ms-application, application/xaml+xml,
application/x-ms-xbap, */*
     Referer: <redacted>
     Accept-Language: en-US
     User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0;
WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; Tablet PC 2.0)
     Accept-Encoding: gzip, deflate
     Host: <redacted>
     Connection: Keep-Alive
     Cookie: JSESSIONID=24B3D3B40235B8E889A5F019081AAB41

The response (non-proxied) has the following headers

     HTTP/1.1 200
     Strict-Transport-Security: max-age=31536000;includeSubDomains
     X-Frame-Options: SAMEORIGIN
     X-Content-Type-Options: nosniff
     X-XSS-Protection: 1; mode=block
     Content-Type: text/html;charset=ISO-8859-1
     Transfer-Encoding: chunked
     Content-Encoding: gzip
     Vary: Accept-Encoding
     Date: Tue, 04 Sep 2018 06:52:12 GMT
     Server: <redacted>

I've set up the following in httpd.conf:

     FilterDeclare INFLATE_HTML CONTENT_SET
     FilterProvider INFLATE_HTML INFLATE "%{CONTENT_TYPE} =~ m|^text/html|"
     FilterProtocol INFLATE_HTML change=yes
     FilterTrace INFLATE_HTML 1

     FilterDeclare DEFLATE_HTML
     FilterProvider DEFLATE_HTML DEFLATE "%{CONTENT_TYPE} =~ m|^text/html|"
     FilterProtocol DEFLATE_HTML change=yes
     FilterTrace DEFLATE_HTML 1

     FilterDeclare SUBST_HTML
     FilterProvider SUBST_HTML SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/html|"
     FilterTrace SUBST_HTML 1

     <Location "/suite/webapp1/the.jsp">
         FilterChain +INFLATE_HTML +SUBST_HTML +DEFLATE_HTML

         ProxyPass ${internal}/webapp1/the.jsp
         ProxyPassReverse ${internal}/webapp1/the.jsp

         Substitute s|/service1|/suite/service1|n
     </Location>

This doesn't work. I can see the request being forwarded to the internal
application server, which executes successfully and responds with 200,
but something inside HTTPD doesn't work, and it ends up at the browser
with a 504 and no data (looking at this with Fiddler).

The HTTPD error.log file contains:


[Tue Sep 04 10:24:41.036087 2018] [proxy:trace1] [pid 452:tid 1352]
mod_proxy.c(766): [client 192.168.1.12:50120] AH03464: URI path
'/suite/webapp1/the.jsp' matches proxy handler
'proxy:https://internal/webapp1/the.jsp', referer: <redacted>
[Tue Sep 04 10:24:41.036087 2018] [proxy:trace2] [pid 452:tid 1352]
proxy_util.c(2106): [client 192.168.1.12:50120] https: found worker
<redacted> for <redacted>/webapp1/the.jsp, referer: <redacted>
[Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
mod_proxy.c(1246): [client 192.168.1.12:50120] AH01143: Running scheme
https handler (attempt 0), referer: <redacted>
[Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(2300): AH00942: HTTPS: has acquired connection for (<redacted>)
[Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(2354): [client 192.168.1.12:50120] AH00944: connecting
<redacted>/webapp1/the.jsp to <redacted>, referer: <redacted>
[Tue Sep 04 10:24:41.043101 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(2563): [client 192.168.1.12:50120] AH00947: connected
/webapp1/the.jsp to <redacted>, referer: <redacted>
[Tue Sep 04 10:24:41.043101 2018] [proxy:trace2] [pid 452:tid 1352]
proxy_util.c(2997): HTTPS: fam 2 socket created to connect to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1296]
proxy_util.c(3029): AH02824: HTTPS: connection established with <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1296]
proxy_util.c(3199): AH00962: HTTPS: connection complete to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [ssl:info] [pid 452:tid 1296] [remote
10.17.0.65:7230] AH01964: Connection to child 0 established (server
localhost:444)
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1280]
proxy_util.c(3029): AH02824: HTTPS: connection established with <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1280]
proxy_util.c(3199): AH00962: HTTPS: connection complete to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [ssl:info] [pid 452:tid 1280] [remote
10.17.0.65:7230] AH01964: Connection to child 0 established (server
localhost:444)
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(3029): AH02824: HTTPS: connection established with <redacted>
[Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1352]
proxy_util.c(3199): AH00962: HTTPS: connection complete to <redacted>
[Tue Sep 04 10:24:41.045142 2018] [ssl:info] [pid 452:tid 1352] [remote
10.17.0.65:7230] AH01964: Connection to child 0 established (server
localhost:444)
[Tue Sep 04 10:24:41.065164 2018] [proxy:debug] [pid 452:tid 1280]
proxy_util.c(2315): AH00943: https: has released connection for (<redacted>)
[Tue Sep 04 10:24:41.066183 2018] [proxy:debug] [pid 452:tid 1296]
proxy_util.c(2315): AH00943: https: has released connection for (<redacted>)
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: SUBST_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: SUBST_HTML: type:
TRANSIENT, length: 10
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: SUBST_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: SUBST_HTML: type:
TRANSIENT, length: 512
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: DEFLATE_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 187
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 229
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 49
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: DEFLATE_HTML:
type: TRANSIENT, length: 37
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(86): [client 192.168.1.12:50120] AH01375: INFLATE_HTML
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 187
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 229
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 49
[Tue Sep 04 10:24:41.068170 2018] [filter:debug] [pid 452:tid 1352]
mod_filter.c(91): [client 192.168.1.12:50120] AH01376: INFLATE_HTML:
type: TRANSIENT, length: 37

(this might contain a few lines related to other requests as well).

I tried as well with "AddOutputFilterByType INFLATE:SUBSTITUTE:DEFLATE
text.html", doesn't work either.

Does anybody have any idea what I'm doing wrong?

Regards, Maarten



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux