RE: Question on FORM POST processing via AJP1.3 in tomcat 1.0.69, changed from 1.014.
> Also, possibly, somewhere between Tomcat 7.0.14 and 7.0.69, the AJP Connector > code in Tomcat has been modified, perhaps > to reject POST's with no content. > (In an intended or unintended way; after all, POSTs with no content aren't > exactly your standard thing, and could even be > forbidden by the HTTP RFC (I haven't checked)). > The Tomcat change log on the website may give some clue there. Thanks... it may well be that the newest version is acting correctly and the old verion was in the wrong! (My problem is I don't know how many times this was used in the code I've inherited!) I'll check the change log and maybe the HTTP refs and see what should happen with an "empty" POST. Thanks again. Derric The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on FORM POST processing via AJP1.3 in tomcat 1.0.69, changed from 1.014.
> On this list, it is preferred to not top-post, ... No problem. > There are 2 different modules in Apache httpd which can be used for this : > mod_jk and mod_proxy_ajp. > Which one are you using, and can you give us a version? OK... I inherited this, so don't know much about it ... but I don't see any help in the log files. Looking at the configs, I have (in /etc/httpd/conf.d/) both mod_jk.conf and proxy_ajp.conf. It appears that the mod_jk.conf is fleshed out and used. in the proxy_ajp.conf, only the module load is uncommented, there are no other commands in there. I have log files for mod_jk.conf as well... It looks like the apache might be 2.2.3. The mod_jk.so is dated Dec 17 2012. ((I will be replacing this server at a later stage of this project, but not at first)). A note... I did a network snapshot of the old and new and then the "fixed" new. The packet data in the old (7.0.14 tomcat) POST packet looks practically the same in all cases. In the new (7.0.69) case the response from tomcat is a "RSP:SEND HEADERS:400 Bad Request" but the old one just proceeds with calling the class and subsequent output.After I added a "name=submitbutton" to the "submit" button, the "fixed" new had a similar "POST" packet that was then followed immediately by a "REQ:Body" packet with "Data: submitbutton=blahlah" and the tomcat returned a "RSP:SEND HEADERS:200 OK" I don't have a lot of control over what versions I use ... I may only be "allowed" to install the current RedHat yum package. Derric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on FORM POST processing via AJP1.3 in tomcat 1.0.69, changed from 1.014.
I am so sorry about the version numbers those are 7! 7.0.14 and 7.0.69 tomcat-7.0.69-10.el7.noarch Thanks for the replies, sorry for the confusion Derric Scott -Original Message- From: André Warnier (tomcat) [mailto:a...@ice-sa.com] Sent: Monday, March 27, 2017 4:11 PM To: users@tomcat.apache.org Subject: Re: Question on FORM POST processing via AJP1.3 in tomcat 1.0.69, changed from 1.014. On 27.03.2017 23:03, Scott, Derric T wrote: > Hello: > > A question, perhaps a bug... > > I inherited a large application that has Apache in front, tomcat in back via > AJP1.3. I am moving everything to > "new" verisons. A new RedHat OS, newest tomcat RPM (7.0.69), etc. > > I ran into a snag and finally identified the culprit. The tomcat on the > backend went from 1.0.14 to 1.0.69. As far as I know, there exists no such Tomcat version. Where did you get this from ? (The current version is 8.5.(something)), major versions before that were 8.0.x, 7.0.x, 6.0.x,..) > As I understand HTTP/HTML, a FORM is POSTed with two packets, the > second one is "DATA" - at least that is what I see from tcpdump, etc. Note - > this is only via the AJP1.3 port 8009. Access via port 8080 works fine. > > The bottom line is that a FORM, submitted using POST via AJP, with NO > "DATA" packet, does NOT process as a form submission, but instead > returns a 400 HTTP error. This is the code that is working now on 1.0.14, > but will not work on 1.0.69. > > After a lot of experimentation, I determined that if I added ANYTHING > that produced a "DATA" packet, then it would work correctly. First example: > > style="font-size: 9pt;"> This fails with 400 error. > > Simply "naming" the submit button causes a "data" packet to be sent: > Causes success - and it makes a "DATA" packet > to be sent with the value of the button variable: > submitbutton="Do the Java Thing" First thing is : it is not really a "data packet". It is just a HTTP POST with/without body (content). > > Second case is a completely blank form without even a submit button, called > by a javascript routine. > Same results. If I add any variable, say a hidden variable of "blah" with a > value, it then works. > > SO, question ... between tomcat 1.0.14 and 1.0.69, what changed such that > the behavior of the "POST" > data processing changed? Is the current behavior correct and the old was > wrong, or vice versa? > Short of touching some untold number of forms in this large > application, is there any way to force correct behavior, preferably via > tomcat configs or something? > The first thing we would need to ascertain, is that you are really talking about tomcat. The versions above introduce a doubt.. > Thanks! > > Derric > > > The information contained in this message is proprietary and/or confidential. > If you are not the intended recipient, please: (i) delete the message and all > copies; (ii) do not disclose, distribute or use the message in any manner; > and (iii) notify the sender immediately. In addition, please be aware that > any message addressed to our domain is subject to archiving and review by > persons other than the intended recipient. Thank you. > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question on FORM POST processing via AJP1.3 in tomcat 1.0.69, changed from 1.014.
Hello: A question, perhaps a bug... I inherited a large application that has Apache in front, tomcat in back via AJP1.3. I am moving everything to "new" verisons. A new RedHat OS, newest tomcat RPM (7.0.69), etc. I ran into a snag and finally identified the culprit. The tomcat on the backend went from 1.0.14 to 1.0.69. As I understand HTTP/HTML, a FORM is POSTed with two packets, the second one is "DATA" - at least that is what I see from tcpdump, etc. Note - this is only via the AJP1.3 port 8009. Access via port 8080 works fine. The bottom line is that a FORM, submitted using POST via AJP, with NO "DATA" packet, does NOT process as a form submission, but instead returns a 400 HTTP error. This is the code that is working now on 1.0.14, but will not work on 1.0.69. After a lot of experimentation, I determined that if I added ANYTHING that produced a "DATA" packet, then it would work correctly. First example: This fails with 400 error. Simply "naming" the submit button causes a "data" packet to be sent: Causes success - and it makes a "DATA" packet to be sent with the value of the button variable: submitbutton="Do the Java Thing" Second case is a completely blank form without even a submit button, called by a javascript routine. Same results. If I add any variable, say a hidden variable of "blah" with a value, it then works. SO, question ... between tomcat 1.0.14 and 1.0.69, what changed such that the behavior of the "POST" data processing changed? Is the current behavior correct and the old was wrong, or vice versa? Short of touching some untold number of forms in this large application, is there any way to force correct behavior, preferably via tomcat configs or something? Thanks! Derric The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
