Hello World,
I have a strange problem. I have an angular app deployed in http server and for some users alone I see that one of the calls ( generate-token in this case) is not reaching the server (which happens to be a spring boot server deployed in websphere liberty).
1.1.1.1 - - [11/Mar/2022:09:42:50 -0400] "GET /application/dashboard HTTP/1.1" 200 11153 0 9143 -
1.1.1.1 - - [11/Mar/2022:09:42:50 -0400] "GET /application/5.97e05069c31d30d5372d.js HTTP/1.1" 200 16031 0 552 -
1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /assets/images/blue.png HTTP/1.1" 200 3887 0 469 -
1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /applicationurl/applicationurl/auth/generate-token/QkVUSEVMUzpBMG1hbWU5MDAy HTTP/1.1" 200 - 0 46802 -
1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /application/fontawesome-webfont.20fd1704ea223900efa9.woff2?v=4.7.0 HTTP/1.1" 200 77160 0 33090 -
1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /applicationurl/applicationurl/auth/generate-token/QkVUSEVMUzpBMG1hbWU5MDAy HTTP/1.1" 200 - 0 2108 -
1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /applicationurl/applicationurl/auth/generate-token/QkVUSEVMUzpBMG1hbWU5MDAy HTTP/1.1" 502 341 0 43550 -
Pertinent httpd.conf
ServerRoot "/usr/HTTPServer"
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddType application/x-tar .tgz
AddType image/x-icon .ico
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
<VirtualHost *:1025>
ServerName XXX.com
DocumentRoot "/usr/HTTPServer/htdocs"
SSLEnable
SSLProxyEngine on
SSLServerCert XX
Keyfile /venafi/XX.kdb
# The following protocols are disabled SSLv2, SSLv3, TLSv1 & TLSv1.1
SSLProtocolDisable SSLv2
SSLProtocolDisable SSLv3
SSLProtocolDisable TLSv10
SSLProtocolDisable TLSv11
# The following protocol is enabled
SSLProtocolEnable TLSv12
# Remove all Ciphers
SSLCipherSpec ALL NONE
# Enable Approved CipherSpec's Only
SSLCipherSpec ALL +9C
SSLCipherSpec ALL +9D
SSLCipherSpec ALL +C02B
SSLCipherSpec ALL +C02C
SSLCipherSpec ALL +C02F
SSLCipherSpec ALL +C030
</VirtualHost>
SSLInsecureRenegotiation off
TraceEnable off
CoreDumpDirectory /wslogs
# Block Files with Server Side Script - file extensions
<FilesMatch "^.*\.(sh|ksh|go|gsp|lp|op|lua|cgi|ipl|pl|php|rhtml?|py|rb?w|smx|lasso|tcl|dna|tpl|r|w)$">
Order Deny,Allow
Deny from all
</FilesMatch>
Alias /siteminderagent/pwcgi/ "/usr/local/webagent/pw/"
<Directory "/usr/local/webagent/pw/">
Options Indexes MultiViews ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /siteminderagent/pw/ "/usr/local/webagent/pw/"
<Directory "/usr/local/webagent/pw/">
Options Indexes MultiViews ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /siteminderagent/ "/usr/local/webagent/samples/"
<Directory "/usr/local/webagent/samples/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#To Disable HTTP TRACE / TRACK Method in all Directives
RewriteEngine On
RewriteLog "/wslogs/http/rewrite.log"
RewriteLogLevel 5
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [NC,L]
RewriteRule ^ index.html [NC,L]
and the .htaccess is
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.html [NC,L]
</IfModule>
Any idea why this happens ? This happens only for certain users and always. For all the other users it works well. We use siteminder before these calls are made to authenticate the users but it redirects appropriately and the angular app makes the above calls .
I would also like to see whether I can print the absolute url in the logs or get more debug information about the calls.
Thx
Vaidya