Hi Nik.

Am 18.08.19 um 15:25 schrieb Nik Mihelioudakis:
> Hi Aleksander,
> 
> Thanks for a quick response
> 
> Here are the details you requested
> 
> /usr/sbin/haproxy -vv
> HA-Proxy version 1.5.18 2016/05/10
> Copyright 2000-2016 Willy Tarreau <wi...@haproxy.org>

Okay you are on a rpm based system. Can you try to use a more modern version of
haproxy?

You can try to use this repo https://github.com/AxisNL/haproxy-rpmbuild

> Build options :

[snipp]

> 
> The relevant configuration is as follows

I hope you have some timeouts settings.

> frontend fe_WebLogic
>         bind *:8854
>         mode http
>         option  httplog
>         option http_proxy
>         option forwardfor

You want this to get the IP from client in X-Forwarded-For header

option forwardfor header X-Real-IP

http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4.2-option%20forwardfor

>         default_backend be_Weblogic
> 
> backend be_Weblogic
>         mode http
>         option httpchk OPTIONS /

This is default so useless, IMHO.
http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-option%20httpchk

>         cookie SERVERID insert indirect nocache
>         stick-table type string len 52 size 5M expire 30m
>         stick on urlp(jsessionid,;)

I'm not sure if this makes sense here. just comment it out and use only the
SERVERID Cookie.

>         stick on cookie(JSESSIONID)

There is no Cookie in your dump below. I would replace it with
          stick on cookie(SERVERID)

>         balance roundrobin
>         server server1 10.1.1.134:7779 weight 1 check cookie s1 port 7779 
> inter 20s
>         server server2 10.1.1.135:7779 weight 1 check cookie s2 port 7779 
> inter 20s
> 
> 
> And finally the (lengthy) output of the haproxy -d output.

Great.

> 00000000:fe_WebLogic.accept(0008)=0010 from [127.0.0.1:59160]

[snipp]

> 00000003:fe_WebLogic.accept(0008)=0010 from [127.0.0.1:59168]
> 00000003:fe_WebLogic.clireq[0010:ffffffff]: GET
> /forms/frmservlet?config=standaloneapp&standaloneapp=true&standaloneappver=12.2.1.3&ifsessid=WLS_FORMS.formsapp.400&acceptLanguage=en-us&ifcmd=startsession&iflocale=en-US
> HTTP/1.1
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: Host: server.test.com
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: X-Real-IP: 10.1.1.108
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: Connection: close
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: Cache-Control: no-cache
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: Pragma: no-cache
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: User-Agent: Java/1.8.0_181
> 00000003:fe_WebLogic.clihdr[0010:ffffffff]: Accept: text/html, image/gif,
> image/jpeg, *; q=.2, */*; q=.2
> 00000003:be_Weblogic.srvrep[0010:0011]: HTTP/1.1 200 OK
> 00000003:be_Weblogic.srvhdr[0010:0011]: Date: Sun, 18 Aug 2019 13:05:08 GMT
> 00000003:be_Weblogic.srvhdr[0010:0011]: Server: Oracle-HTTP-Server
> 00000003:be_Weblogic.srvhdr[0010:0011]: Cache-Control: no-cache,no-store
> 00000003:be_Weblogic.srvhdr[0010:0011]: Content-Length: 90
> 00000003:be_Weblogic.srvhdr[0010:0011]: Connection: close
> 00000003:be_Weblogic.srvhdr[0010:0011]: Content-Type: text/plain;charset=UTF-8

As I assumed Weblogic does only rewrite the body with the jsession id and don't
send any header with that information.

> 00000003:be_Weblogic.srvcls[0010:0011]
> 00000003:be_Weblogic.clicls[0010:0011]
> 00000003:be_Weblogic.closed[0010:0011]
> 00000004:fe_WebLogic.accept(0008)=0010 from [127.0.0.1:59170]
> 00000004:fe_WebLogic.clireq[0010:ffffffff]: GET
> /forms/lservlet;jsessionid=6myk1NmDcWR2t5m6cWsq_LnouLbbjLY92xtVGIBVxyvFMO43NSGV!-217731231?ifcmd=getinfo&ifhost=WIN10-TEST-VM1&ifip=169.254.195.131&fsalchecksum=%2FdlZU4MnGGqT4D7u1IkQPg%3D%3D

It's magic, here is now the jsessionid.

> HTTP/1.1
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: Host: server.test.com
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: X-Real-IP: 10.1.1.108
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: Connection: close
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: Cache-Control: no-cache
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: Pragma: no-cache
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: User-Agent: Java/1.8.0_181
> 00000004:fe_WebLogic.clihdr[0010:ffffffff]: Accept: text/html, image/gif,
> image/jpeg, *; q=.2, */*; q=.2
> 00000004:be_Weblogic.srvrep[0010:0011]: HTTP/1.1 200 OK
> 00000004:be_Weblogic.srvhdr[0010:0011]: Date: Sun, 18 Aug 2019 13:05:08 GMT
> 00000004:be_Weblogic.srvhdr[0010:0011]: Server: Oracle-HTTP-Server
> 00000004:be_Weblogic.srvhdr[0010:0011]: Cache-Control: no-cache,no-store
> 00000004:be_Weblogic.srvhdr[0010:0011]: Content-Length: 132
> 00000004:be_Weblogic.srvhdr[0010:0011]: Connection: close
> 00000004:be_Weblogic.srvhdr[0010:0011]: Content-Type: text/plain;charset=UTF-8
> 00000004:be_Weblogic.srvcls[0010:0011]
> 00000004:be_Weblogic.clicls[0010:0011]
> 00000004:be_Weblogic.closed[0010:0011]
> 
> In the highlighted entry is where the "jsessionid" is sent to the client, and
> from the debug it seems that haproxy doesn't examine the reply, or at least it
> is not shown in the debug.

>From my point of view have you now several options

Try to use `stick on cookie(SERVERID)` and see if it fix your case.

Setup weblogic server to add the set-cookie into the header.

e. g. https://docs.oracle.com/cd/E24329_01/web.1211/e21049/sessions.htm#i139724

* use res.cook when a set-cookie is send by weblogic

stick store-response res.cook(JSESSIONID)
http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#7.3.6-res.cook

* use newer haproxy with lua where you can get the jsessionid from the response
body. I have never used it before but the doc means it's possible.
  https://www.haproxy.com/blog/5-ways-to-extend-haproxy-with-lua/
  => AppletHTTP.receive
  
http://www.arpalert.org/src/haproxy-lua-api/2.0dev/index.html#AppletHTTP.receive

> **
> 
> Kind Regards,
> *
> **N Mihelioudakis*
> 
> E: n.mi...@outlook.com

Regards
Aleks

Reply via email to