subject:"RE\: Apache Tomcat jk connector 400 bad request"

Re: Apache Tomcat jk connector 400 bad request

2015-04-24 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/24/15 9:34 AM, Razi Ansari wrote:
> 
>> Date: Fri, 24 Apr 2015 09:15:29 -0400> From:
>> ch...@christopherschultz.net To: users@tomcat.apache.org Subject:
>> Re: Apache Tomcat jk connector 400 bad request
>> 
> Razi,
> 
> (What email program are you using? It doesn't seem to understand 
> mailing lists because your replies don't include the thread-id 
> required to properly-group mailing list threads. That's pretty 
> frustrating because all your messages look separate from the others
> in the thread.)
> 
>> Apologies for the email, I am using Window Live Mail as my mail
>> client.

It's okay. It's just a minor irritation. But it /will/ make the
archives a mess.

> On 4/24/15 8:10 AM, Razi wrote:
>>>> I checked up on the firewall, there is none between the
>>>> webserver and the jboss application server.
>>>> 
>>>> I had enabled the trace in modjk.log and found the following 
>>>> entries, with KeepAliveTimeout set to 5
> 
> What is KeepAliveTimeout? Is that your setting on httpd? If so,
> that only affects incoming requests from clients into httpd. It has
> no effect on the connections between httpd and Tomcat.
> 
>> KeepAliveTimeout, this is the one in httpd.conf of Apache Web 
>> Server. I set it to 5, i get the 400 error,increase it to 15,
>> don't get the error.

Yeah... that's really weird.

>>>> There is no error in the Jboss application server logs.
> 
> Interesting. What about the access log? Does JBoss even admit to 
> accepting the request?
> 
>> The access log ,shows time of request received  (%t), as
>> 15:31:53 2015 , with 300 seconds as the time taken to serve the
>> request (%D). But this line is actually printed 5 minutes
>> afterward with other requests which were received at 15:36:48 ,
>> and also it shows 400 as status. Another thing I notice in the
>> modjk.log, is that for this request, I only see the request
>> header getting printed, don't see any body getting printed in the
>> logs. On Jboss logs, I can see the request coming in, wait for 5
>> minutes and then process the request successfully.

The good news is that Tomcat is accepting the request, logging it,
etc. A 400 response usually means that the request is broken in some
way. It could be a partial request or something like that. For
instance, an HTTP/1.1 request that never provides the \r\n\r\n
required after the headers would just hang waiting or the \r\n\r\n.
When the request-read timeout (keepAliveTimeout, defaulting to
connectionTimeout, defaulting to -1; infinite) occurs, the connection
will simply cancel the in-flight request.

Have you set connectionTimeout or keepAliveTimeout to something other
than their defaults? This would be in the JBoss configuration. I don't
know how those timeouts are expressed in JBoss, but in Tomcat they
would be on the  element.

I think you might want to take this question to JBoss, especially if
you are using a version of JBoss that doesn't use Tomcat under the cover
s.

Your mod_jk configuration looks fine to me; I can't think of a reason
why you would be getting these dropped connections, unless you are
under some kind of attack by someone trying to exploit a
request-splitting vulnerability that exists somewhere in your stack.
(And it would have to exist, because some component is convinced that
there is a request that hasn't been fully made, and presumably the
client is only sending complete requests.)

You may have to pull-out a packet-sniffer for this one.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVOk3CAAoJEBzwKT+lPKRYGSsQAJFkvk/lrhGT92Em2BRJfVnh
uzfHA3h8+Ynbgcc3CJzLGYleXbvC/HSIzcC1YTPmZZGs8mOBTz3yicwRwbrPryC/
OlqC4v0lloN0eTZ8dub7P6dUg8g5awP+4G6r8WEdZ55WuIReQgDo3kD/2Md8+RXF
rwPbOHFWUCwF56URqEEJ2fSbjH1D37lxT+oR6BCHGcRftoUmnffPCHXY5dY1RGNg
k8tuvREPvPz6HE00JYpIfnphCnS7z37fo+fQgNmyXqwKhE8aWnQZEZ2R5zlK+u78
7ex04iSIGFJSrh3vOci6Vq9R5i3dIBKK2s/WGuUQ9aKcAbcxnyqgfkz9ssp6fWUi
v4fQ+li1ZwwP9SYB6XgT6yGRwZ2UJsOGHfV93AkjzZ505vEJd6r1LjaB+ZxZ1Z6V
P2Km9VrQe844QdNOGphWTYaEDYUXjLScSlS8gAXWG/zh9r0dUravZiiXReXY8FLd
I6mkzK1+ThuOEQqvHDN+hN9ClrlSlQ9D6JbN90BdlhQQA/5PGlwyKluapG/4UEpe
0+vUALR6/IiQ4HwgrkitXGpOjPvVTZWnjs2pyS5ulezs5qzMNXdctKzWLsQ8tuR7
F/uosc575v1om/j2XKtrbK/+lNA2PSEJ9WhjLsL8dLygH1/jmL1LDJQwAeESzock
gLQX0EYmGUG8QJBI1+sq
=MlqE
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache Tomcat jk connector 400 bad request

2015-04-24 Thread Razi Ansari


> Date: Fri, 24 Apr 2015 09:15:29 -0400> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Apache Tomcat jk connector 400 bad request
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Razi,
> 
> (What email program are you using? It doesn't seem to understand
> mailing lists because your replies don't include the thread-id
> required to properly-group mailing list threads. That's pretty
> frustrating because all your messages look separate from the others in
> the thread.)
> 
Apologies for the email, I am using Window Live Mail as my mail client.

> On 4/24/15 8:10 AM, Razi wrote:
> > I checked up on the firewall, there is none between the webserver
> > and the jboss application server.
> > 
> > I had enabled the trace in modjk.log and found the following
> > entries, with KeepAliveTimeout set to 5
> 
> What is KeepAliveTimeout? Is that your setting on httpd? If so, that
> only affects incoming requests from clients into httpd. It has no
> effect on the connections between httpd and Tomcat.
> 
KeepAliveTimeout, this is the one in httpd.conf of Apache Web Server. I set it 
to 5, i get the 400 error,increase it to 15, don't get the error.

> > Apr21 15:31:53 2015 
> > [4023:140648883541760][trace]ajp_read_fully_from_server::jk_ajp_common
> .c(1399):
> >
> > 
> enter
> >  ... a bunch of other requests. ... Apr21 15:36:53 2015 
> > [4023:140648883541760][trace]ajp_read_fully_from_server::jk_ajp_common
> .c(1432):
> >
> > 
> exit
> > Apr21 15:36:53 2015 
> > [4023:140648883541760][trace]ajp_read_into_msg_buff::jk_ajp_common.c(1
> 487):
> >
> > 
> exit
> > Apr21 15:36:53 2015 
> > [4023:140648883541760][debug]ajp_send_request::jk_ajp_common.c(1766):
> >
> > 
> (worker12) browser stop sending data, no need to recover
> > unrecoverable error 400 , request failed Consumed 0 bytes of
> > remaining request data for worker aborting connection for worker 
> > attempting to map uri /error/http_bad_Request.html
> > 
> > There is no error in the Jboss application server logs.
> 
> Interesting. What about the access log? Does JBoss even admit to
> accepting the request?
The access log ,shows time of request received  (%t), as 15:31:53 2015 , with 
300 seconds as the time taken to serve the request (%D). But this line is 
actually printed 5 minutes afterward with other requests which were received at 
15:36:48 , and also it shows 400 as status.
Another thing I notice in the modjk.log, is that for this request, I only see 
the request header getting printed, don't see any body getting printed in the 
logs.
On Jboss logs, I can see the request coming in, wait for 5 minutes and then 
process the request successfully.

> 
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> Comment: GPGTools - http://gpgtools.org
> 
> iQIcBAEBCAAGBQJVOkHxAAoJEBzwKT+lPKRYrmAQAMBt4sgatAgrqHdSR9KxzYCo
> lUbdUjuQ+lGi/nCc/HALcDjVRTtbagSMsTcJxl5uzpUn9JbAwUN/+ERCh8mSMLyH
> jqIzrJD+lGJc+b5Eff6je3OFxZznpoieiN89oaodemVQzJW7oCSG5SNiYYqN6sBD
> cE01OE+V6sSohmqRNQ3Ieh4Maz4X9/J6qD2sq9ax+r5b71jZHeA6BK9//XOgolyV
> MeUSAuSC41ZnzdTMDozj8hrszilI5keBp4lWE0oIJJ7nHlkpqE0Zi13CN8NASUni
> Z2QQRu+SjVf5EHY9Cjek+qdr5z2HGdjQyxBIz7RW2a1EKH8jCU5f5tlb3Mjl2++k
> DywPlqfnJCeA03PPLuCnbiFW+M1M4JOoLrhKudwkKdsWz7SuURY1xy8G7ufue/ed
> 2d6hPINwVUb5Fr/FI7s2hj7ItZzx5IQ2DxSSCwdV3Ts0ePTK/acRKhu22lFfH0BH
> YnshsMkLrja7LlV5SpZeB9oCyPZl0ecoPnCy3K8sBdnDDGOddwflnSn97jgLRK+/
> j1Rr9CT+DXQLgiWeFnJZJ5Fq5HCG1EzoidZ4KBeMWQpxGr1ukmhxDbMkWMUE87X2
> ycG+GGAZ0x+xA0R8xyeN65hP/7cS+07FMHdKdw7rZAmf6BWyxC5FxFerVWRM2hPY
> IP4OKOfiXwivGBDwIgCC
> =ZBL9
> -END PGP SIGNATURE-
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Apache Tomcat jk connector 400 bad request

2015-04-24 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/22/15 9:41 PM, Razi wrote:
> -Original Message- From: Christopher Schultz Sent:
> Thursday, April 23, 2015 8:03 AM To: Tomcat Users List Subject: Re:
> Apache Tomcat jk connector 400 bad request
> 
> Razi,
> 
> On 4/22/15 6:39 PM, Razi Ansari wrote:
>>  Original message  From: Christopher Schultz 
>>  Date: 04/23/2015  6:15 AM 
>> (GMT+08:00) To: Tomcat Users List  
>> Subject: Re: Apache Tomcat jk connector 400 bad request
> 
>>> If you decide to change your timeout values (I don't see a
>>> reason to
>>> 
>>> do so unless you are encountering some kind of related
>>> problem, and I
>>> 
>>> don't consider this to be a related problem), make sure they
>>> are
>>> 
>>> consistent between mod_jk and Tomcat's AJP connector.
> 
>> I tried inceasing the value of webserver KeepAliveTimeout to 15
>> and i dont get the 400 bad request error in the test environment.
>> But i really want to know the root cause before i move it to 
>> production. In my httpwatch i see the request going without any 
>> body ony header.
> 
> Without the change in KeepAliveTimeout, can you reproduce this
> error in your test environment? I would honestly be surprised if 
> KeepAliveTimeout is the trouble, here. For the AJP connector, the 
> KeepAliveTimeout is not relevant because AJP is by definition 
> keep-alive. You can disable it if you think doing so will improve
> the situation, but I don't have any reason to suspect it would.
> 
> It would be great to know whether the AJP connector or the HTTP 
> connector was the one failing. In Tomcat, the stack trace will
> include the thread identifier which includes the port number and
> protocol being used. Please include that with your stack traces
> when you find the m.
> 
> It would also be great to know which (exact) version of Tomcat is 
> being used under the hood. Check the logs during startup to see
> what Tomcat says it is.
> 
> -chris
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> Christopher,
> 
> When KeepAliveTimeOut is 5, 12 , I get the error, when its 15 and 
> above I don't get the error.

That's ... weird. Are these particularly large requests? Are your
clients on particularly slow connections?

> The versions of Apahce and Mod_jk are as follows
> 
> Apache 2.2.24 Mod_jk 1.2.37

There is a more resent version of mod_jk, but that one should be okay.
I'd upgrade if it's a possibility.

> I dont use Tomcat, my applicaton server is JBOSS EAP 6.1.0

I understand that. I can't remember when JBoss switched from using
Tomcat as its servlet container to using their own in-house container,
but older versions of JBoss use Tomcat internally, and that Tomcat has
a version number.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVOkQTAAoJEBzwKT+lPKRYY0IP/RdNIVopTKebt2G7L4S5xgh2
TQKDEhybN5pHuk4VI/xIttQaCVGIfH6tK0msLrD2GzcEqtQBDeXcjYuf6J3OStRW
5Xwm/3Pi2GPOcEiBYhbb0bhaqy7asmAIeuKXH4lwKJMl4JJQnIDy0Wp9dcLcODSv
2mTEE2jSLwdb8+j0DneB72oFNkAoKDEQkVqR+ajsFqicZCx4LBUAvkudGFgwuJzU
nqDMCUKiq9hMso4BbiVYcVN4mf5eeE964JU6vf7Bt9mlA4ZZeiLnC52BdpeU2u3i
MJHNHG6udDafupj10++wo3jvtWjBPtKiHbqFg0Fwl2cjm4fCAkEdj7VP80o7nrSY
rApnFOt6l049TyWmYX0nmRFVRQxNHELkfpU8ZdvjYv1e0Q1OvZPu667GtD+zpFdz
ar/bhcuni2CSOh9+zq5R03RPs2GdOVqiL1yHuHH4e+/diQKf7aJY0UJjczWoj2vS
QYKRRIckDDHrA60iEs5XkaC0gM5/bwlCcgnlMppEcntAN64fPv47R+3FtRua0s3R
Jo71pUiIK91cKG+sHXDd9DBSFVM82TU20BM7mdrK6kHdxo8h1cQrAdMwGxt0+iWR
gJqoBBRJ5IxwBMoYlnVpWKdaiaZRssm/jU9wiwLYun4ZmuGOMwnoHzejMWmiTvt2
OkeF6mIuNrPSXqZKCXWD
=ktm0
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-24 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

(What email program are you using? It doesn't seem to understand
mailing lists because your replies don't include the thread-id
required to properly-group mailing list threads. That's pretty
frustrating because all your messages look separate from the others in
the thread.)

On 4/24/15 8:10 AM, Razi wrote:
> I checked up on the firewall, there is none between the webserver
> and the jboss application server.
> 
> I had enabled the trace in modjk.log and found the following
> entries, with KeepAliveTimeout set to 5

What is KeepAliveTimeout? Is that your setting on httpd? If so, that
only affects incoming requests from clients into httpd. It has no
effect on the connections between httpd and Tomcat.

> Apr21 15:31:53 2015 
> [4023:140648883541760][trace]ajp_read_fully_from_server::jk_ajp_common
.c(1399):
>
> 
enter
>  ... a bunch of other requests. ... Apr21 15:36:53 2015 
> [4023:140648883541760][trace]ajp_read_fully_from_server::jk_ajp_common
.c(1432):
>
> 
exit
> Apr21 15:36:53 2015 
> [4023:140648883541760][trace]ajp_read_into_msg_buff::jk_ajp_common.c(1
487):
>
> 
exit
> Apr21 15:36:53 2015 
> [4023:140648883541760][debug]ajp_send_request::jk_ajp_common.c(1766):
>
> 
(worker12) browser stop sending data, no need to recover
> unrecoverable error 400 , request failed Consumed 0 bytes of
> remaining request data for worker aborting connection for worker 
> attempting to map uri /error/http_bad_Request.html
> 
> There is no error in the Jboss application server logs.

Interesting. What about the access log? Does JBoss even admit to
accepting the request?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVOkHxAAoJEBzwKT+lPKRYrmAQAMBt4sgatAgrqHdSR9KxzYCo
lUbdUjuQ+lGi/nCc/HALcDjVRTtbagSMsTcJxl5uzpUn9JbAwUN/+ERCh8mSMLyH
jqIzrJD+lGJc+b5Eff6je3OFxZznpoieiN89oaodemVQzJW7oCSG5SNiYYqN6sBD
cE01OE+V6sSohmqRNQ3Ieh4Maz4X9/J6qD2sq9ax+r5b71jZHeA6BK9//XOgolyV
MeUSAuSC41ZnzdTMDozj8hrszilI5keBp4lWE0oIJJ7nHlkpqE0Zi13CN8NASUni
Z2QQRu+SjVf5EHY9Cjek+qdr5z2HGdjQyxBIz7RW2a1EKH8jCU5f5tlb3Mjl2++k
DywPlqfnJCeA03PPLuCnbiFW+M1M4JOoLrhKudwkKdsWz7SuURY1xy8G7ufue/ed
2d6hPINwVUb5Fr/FI7s2hj7ItZzx5IQ2DxSSCwdV3Ts0ePTK/acRKhu22lFfH0BH
YnshsMkLrja7LlV5SpZeB9oCyPZl0ecoPnCy3K8sBdnDDGOddwflnSn97jgLRK+/
j1Rr9CT+DXQLgiWeFnJZJ5Fq5HCG1EzoidZ4KBeMWQpxGr1ukmhxDbMkWMUE87X2
ycG+GGAZ0x+xA0R8xyeN65hP/7cS+07FMHdKdw7rZAmf6BWyxC5FxFerVWRM2hPY
IP4OKOfiXwivGBDwIgCC
=ZBL9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-24 Thread Razi


hi Christopher,

I checked up on the firewall, there is none between the webserver and the 
jboss application server.


I had enabled the trace in modjk.log and found the following entries, with 
KeepAliveTimeout set to 5


Apr21 15:31:53 2015 
[4023:140648883541760][trace]ajp_read_fully_from_server::jk_ajp_common.c(1399): 
enter


... a bunch of other requests.
...
Apr21 15:36:53 2015 
[4023:140648883541760][trace]ajp_read_fully_from_server::jk_ajp_common.c(1432): 
exit
Apr21 15:36:53 2015 
[4023:140648883541760][trace]ajp_read_into_msg_buff::jk_ajp_common.c(1487): 
exit
Apr21 15:36:53 2015 
[4023:140648883541760][debug]ajp_send_request::jk_ajp_common.c(1766): 
(worker12) browser stop sending data, no need to recover

unrecoverable error 400 , request failed
Consumed 0 bytes of remaining request data for worker
aborting connection for worker
attempting to map uri /error/http_bad_Request.html

There is no error in the Jboss application server logs.


Warm Regards
Razi A. Ansari
HP # 90625741
-Original Message- 
From: Razi

Sent: Thursday, April 23, 2015 9:41 AM
To: Tomcat Users List
Subject: Re: Apache Tomcat jk connector 400 bad request

Christopher,

When KeepAliveTimeOut is 5, 12 , I get the error, when its 15 and above I
don't get the error.

The versions of Apahce and Mod_jk are as follows

Apache 2.2.24
Mod_jk 1.2.37

I dont use Tomcat, my applicaton server is JBOSS EAP 6.1.0

I will get back to you with more logs. Thanks

Warm Regards
Razi A. Ansari

-Original Message- 
From: Christopher Schultz

Sent: Thursday, April 23, 2015 8:03 AM
To: Tomcat Users List
Subject: Re: Apache Tomcat jk connector 400 bad request

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/22/15 6:39 PM, Razi Ansari wrote:

 Original message  From: Christopher Schultz
 Date: 04/23/2015  6:15 AM
(GMT+08:00) To: Tomcat Users List 
Subject: Re: Apache Tomcat jk connector 400 bad request


If you decide to change your timeout values (I don't see a reason
to

do so unless you are encountering some kind of related problem,
and I

don't consider this to be a related problem), make sure they are

consistent between mod_jk and Tomcat's AJP connector.


I tried inceasing the value of webserver KeepAliveTimeout to 15 and
i dont get the 400 bad request error in the test environment. But
i really want to know the root cause before i move it to
production. In my httpwatch i see the request going without any
body ony header.


Without the change in KeepAliveTimeout, can you reproduce this error
in your test environment? I would honestly be surprised if
KeepAliveTimeout is the trouble, here. For the AJP connector, the
KeepAliveTimeout is not relevant because AJP is by definition
keep-alive. You can disable it if you think doing so will improve the
situation, but I don't have any reason to suspect it would.

It would be great to know whether the AJP connector or the HTTP
connector was the one failing. In Tomcat, the stack trace will include
the thread identifier which includes the port number and protocol
being used. Please include that with your stack traces when you find the
m.

It would also be great to know which (exact) version of Tomcat is
being used under the hood. Check the logs during startup to see what
Tomcat says it is.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVODbWAAoJEBzwKT+lPKRYiBkP+QENinLAv9vXdjDi598Av56n
nin9n4jzkgVaMC7h/EpzM81w7rjVoNdfD9d3j472hQFyUY+x9iQwDxNRc25t7VHH
jwq21AZBqRDn6hNvLxxpXyKqVuLImZ08GFzI4PdelIQ0IuZ2WlRQwW1xNtcVZKgh
yq1/Az1zK82rzrIH8WJhu0frYNd5mqrrEEVCQfUs3pEJyqf0uQFM8buVVKScla3x
sb6qjo3+XCHGZ/KXFllr0t0E7fGlk7xP8NhRLzSO7AkDvUgk7SzAryN2VmwbTn3w
KbO3bzT7dQse+1ykj246L+TqIWJOsycooGagTRtH7kW/5jRXS6b8kLL08XhLY70z
Ybcfbd1gwIbihm29LsOaU54hWTyQYa5cSAzCXEaQsGUfaoDsuU4L69Uf+G40QcO6
c1cCvJImSFjpmVcoVtVitT+U6vDDK0kIcuyrb766GCyde2pRlFswCMho2GN2yT6L
2e9v9xqmLANZE0iaJpK2qUVE/efh1m+API/wFYXqnQhe2S5V8fXAGXM/rJdeOQNL
IXMZN4E1moVClbaKVn+TbtcexR9nmU6GPyaL+VoJauDJf5UV5Y31+wp+XgP1k13/
wQ0LoumpioPYp7QEbrSgNTUF5I2Q+Cp7VGtoO3PPDWzgcBH8eSiqHVnsC2da51k8
sjaBXvJn5/taUN49pEGo
=0W9M
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Razi


Christopher,

When KeepAliveTimeOut is 5, 12 , I get the error, when its 15 and above I 
don't get the error.


The versions of Apahce and Mod_jk are as follows

Apache 2.2.24
Mod_jk 1.2.37

I dont use Tomcat, my applicaton server is JBOSS EAP 6.1.0

I will get back to you with more logs. Thanks

Warm Regards
Razi A. Ansari

-Original Message- 
From: Christopher Schultz

Sent: Thursday, April 23, 2015 8:03 AM
To: Tomcat Users List
Subject: Re: Apache Tomcat jk connector 400 bad request

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/22/15 6:39 PM, Razi Ansari wrote:

 Original message  From: Christopher Schultz
 Date: 04/23/2015  6:15 AM
(GMT+08:00) To: Tomcat Users List 
Subject: Re: Apache Tomcat jk connector 400 bad request


If you decide to change your timeout values (I don't see a reason
to

do so unless you are encountering some kind of related problem,
and I

don't consider this to be a related problem), make sure they are

consistent between mod_jk and Tomcat's AJP connector.


I tried inceasing the value of webserver KeepAliveTimeout to 15 and
i dont get the 400 bad request error in the test environment. But
i really want to know the root cause before i move it to
production. In my httpwatch i see the request going without any
body ony header.


Without the change in KeepAliveTimeout, can you reproduce this error
in your test environment? I would honestly be surprised if
KeepAliveTimeout is the trouble, here. For the AJP connector, the
KeepAliveTimeout is not relevant because AJP is by definition
keep-alive. You can disable it if you think doing so will improve the
situation, but I don't have any reason to suspect it would.

It would be great to know whether the AJP connector or the HTTP
connector was the one failing. In Tomcat, the stack trace will include
the thread identifier which includes the port number and protocol
being used. Please include that with your stack traces when you find the
m.

It would also be great to know which (exact) version of Tomcat is
being used under the hood. Check the logs during startup to see what
Tomcat says it is.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVODbWAAoJEBzwKT+lPKRYiBkP+QENinLAv9vXdjDi598Av56n
nin9n4jzkgVaMC7h/EpzM81w7rjVoNdfD9d3j472hQFyUY+x9iQwDxNRc25t7VHH
jwq21AZBqRDn6hNvLxxpXyKqVuLImZ08GFzI4PdelIQ0IuZ2WlRQwW1xNtcVZKgh
yq1/Az1zK82rzrIH8WJhu0frYNd5mqrrEEVCQfUs3pEJyqf0uQFM8buVVKScla3x
sb6qjo3+XCHGZ/KXFllr0t0E7fGlk7xP8NhRLzSO7AkDvUgk7SzAryN2VmwbTn3w
KbO3bzT7dQse+1ykj246L+TqIWJOsycooGagTRtH7kW/5jRXS6b8kLL08XhLY70z
Ybcfbd1gwIbihm29LsOaU54hWTyQYa5cSAzCXEaQsGUfaoDsuU4L69Uf+G40QcO6
c1cCvJImSFjpmVcoVtVitT+U6vDDK0kIcuyrb766GCyde2pRlFswCMho2GN2yT6L
2e9v9xqmLANZE0iaJpK2qUVE/efh1m+API/wFYXqnQhe2S5V8fXAGXM/rJdeOQNL
IXMZN4E1moVClbaKVn+TbtcexR9nmU6GPyaL+VoJauDJf5UV5Y31+wp+XgP1k13/
wQ0LoumpioPYp7QEbrSgNTUF5I2Q+Cp7VGtoO3PPDWzgcBH8eSiqHVnsC2da51k8
sjaBXvJn5/taUN49pEGo
=0W9M
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/22/15 6:39 PM, Razi Ansari wrote:
>  Original message  From: Christopher Schultz
>  Date: 04/23/2015  6:15 AM
> (GMT+08:00) To: Tomcat Users List  
> Subject: Re: Apache Tomcat jk connector 400 bad request
> 
>> If you decide to change your timeout values (I don't see a reason
>> to
>> 
>> do so unless you are encountering some kind of related problem,
>> and I
>> 
>> don't consider this to be a related problem), make sure they are
>> 
>> consistent between mod_jk and Tomcat's AJP connector.
> 
> I tried inceasing the value of webserver KeepAliveTimeout to 15 and
> i dont get the 400 bad request error in the test environment. But
> i really want to know the root cause before i move it to
> production. In my httpwatch i see the request going without any
> body ony header.

Without the change in KeepAliveTimeout, can you reproduce this error
in your test environment? I would honestly be surprised if
KeepAliveTimeout is the trouble, here. For the AJP connector, the
KeepAliveTimeout is not relevant because AJP is by definition
keep-alive. You can disable it if you think doing so will improve the
situation, but I don't have any reason to suspect it would.

It would be great to know whether the AJP connector or the HTTP
connector was the one failing. In Tomcat, the stack trace will include
the thread identifier which includes the port number and protocol
being used. Please include that with your stack traces when you find the
m.

It would also be great to know which (exact) version of Tomcat is
being used under the hood. Check the logs during startup to see what
Tomcat says it is.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVODbWAAoJEBzwKT+lPKRYiBkP+QENinLAv9vXdjDi598Av56n
nin9n4jzkgVaMC7h/EpzM81w7rjVoNdfD9d3j472hQFyUY+x9iQwDxNRc25t7VHH
jwq21AZBqRDn6hNvLxxpXyKqVuLImZ08GFzI4PdelIQ0IuZ2WlRQwW1xNtcVZKgh
yq1/Az1zK82rzrIH8WJhu0frYNd5mqrrEEVCQfUs3pEJyqf0uQFM8buVVKScla3x
sb6qjo3+XCHGZ/KXFllr0t0E7fGlk7xP8NhRLzSO7AkDvUgk7SzAryN2VmwbTn3w
KbO3bzT7dQse+1ykj246L+TqIWJOsycooGagTRtH7kW/5jRXS6b8kLL08XhLY70z
Ybcfbd1gwIbihm29LsOaU54hWTyQYa5cSAzCXEaQsGUfaoDsuU4L69Uf+G40QcO6
c1cCvJImSFjpmVcoVtVitT+U6vDDK0kIcuyrb766GCyde2pRlFswCMho2GN2yT6L
2e9v9xqmLANZE0iaJpK2qUVE/efh1m+API/wFYXqnQhe2S5V8fXAGXM/rJdeOQNL
IXMZN4E1moVClbaKVn+TbtcexR9nmU6GPyaL+VoJauDJf5UV5Y31+wp+XgP1k13/
wQ0LoumpioPYp7QEbrSgNTUF5I2Q+Cp7VGtoO3PPDWzgcBH8eSiqHVnsC2da51k8
sjaBXvJn5/taUN49pEGo
=0W9M
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Razi Ansari

Please check inline for my reply . Thanks.

 Original message 
From: Christopher Schultz  
Date: 04/23/2015  6:15 AM  (GMT+08:00) 
To: Tomcat Users List  
Subject: Re: Apache Tomcat jk connector 400 bad request 


-BEGIN PGP SIGNED MESSAGE-

Hash: SHA256



Razi,



On 4/22/15 5:45 PM, Razi wrote:

> Hi Christopher,

> 

> Thanks for looking into this.

> 

> Any random request fails, ajax or non-ajax.

> 

> The worker.properties is as follows::

> 

> worker.lbroutex.type=lb 

> worker.lbroutex.balance_workers=workerx,workery,workerz 

> worker.lbroute.sticky_session=1

> 

> worker.workerX.port=1234 worker.workerX.host=$$$.com 

> worker.workerX.type=ajp13 worker.workerX.lbfactor=1

> 

> As  I am using jboss EAP, I am pasting the config from my

> standalone.xml

> 

>  default-virtual-server="default-host" instance-id="worker10" 

> native="false">  protocol="HTTP/1.1" socket-binding="http"/>  scheme="http" protocol="HTTP/1.1" socket-binding="https"

> secure="true">  certificate-key-file="" protocol=""/>   name="ajp" scheme="http" protocol="AJP/1.3" socket-binding="ajp"/>



I suppose this has a default port number (8009?) and it matches what

you have in worker.workerX.port? Yes



You shouldn't be using any OpenSSL for the the AJP connector, so

proxied requests via AJP shouldn't trigger the OpenSSL errors. A full

stack trace would be very helpful. I wiill get this trace out



I don't see anything immediately obvious. Do you have a firewall

between httpd and Tomcat? Has it been configured to leave the

connections open forever? If not, you might want to consider

configuring CPING/CPONG at intervals (look at the AJP connector

configuration reference and search for cping/cpong to see how to do that

).
will check for the firewall and revert.

If you decide to change your timeout values (I don't see a reason to

do so unless you are encountering some kind of related problem, and I

don't consider this to be a related problem), make sure they are

consistent between mod_jk and Tomcat's AJP connector.I tried inceasing the 
value of webserver KeepAliveTimeout to 15 and i dont get the 400 bad request 
error in the test environment. But i really want to know the root cause before 
i move it to production. In my httpwatch i see the request going without any 
body ony header.



Any chance the 400 responses always come from the same httpd instance

or Tomcat instance? No its random any instance.



- -chris

-BEGIN PGP SIGNATURE-

Version: GnuPG v2

Comment: GPGTools - http://gpgtools.org



iQIcBAEBCAAGBQJVOB1GAAoJEBzwKT+lPKRY51AQAJCuO+cuurN9CshykgXm+M2V

P+oSLO3wCRrF8WhJtzDz/CfIGT6T679lQSAbMBNliVrxuu+Q+/UbAS4rHcAkO2Ou

GRCb1xCX1qoSpl5qmppFsJMMMAZE7NhWP3ZkCC/FdRyj+Lb4ZJcuKmx8LaIEfuvF

akWUhJD1sYAhclyYInpF78kXOyBcuP1/6dOtXtlUqZ0JuZiDGHEgdywVRJiZjzpz

aTxSdz0AkL4/7svPBn5I6foV2vLUKindQjSn2L1Mjq5TsbEo3Dhe9xxSCL7dmK8u

ZJ7Wp8Hi7Z3NrVMNf4YnLiChKhWN9mIhucMQMsY9nez7h2GO2P0LrVo5XRJV5R65

gzagTK1qSHjKrGJqvuBY757j3rsnG9jNEPVixg1IqIA/JIuC/CfO+eVsVsUJAQSH

3KuF3Ata098fBQAMxb9O4vegBm/JRjwJYeKXb+b+fjDIr6QFFgUBv8DNv7cultG9

zDVfZQ2vJqb+TBz5kf8gI5G0ZcwkL2+WveUt+GzvRRbAXiyTmCwIoMGDesi5VIx5

ojUcRWccXjKj6Cg3DKNqWw137/Cre+xVKgepkTjpPOQ0dyAK3G2cUuCgZhJy3OQj

FPtfg4vXS5BJQLZCNVWktkLGaQqRwHTIeM7EAwvbaDh+290fZcg1vW99zqCGCLgt

ksfiwrTNMLcEDPX//PrL

=KsRp

-END PGP SIGNATURE-



-

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/22/15 5:45 PM, Razi wrote:
> Hi Christopher,
> 
> Thanks for looking into this.
> 
> Any random request fails, ajax or non-ajax.
> 
> The worker.properties is as follows::
> 
> worker.lbroutex.type=lb 
> worker.lbroutex.balance_workers=workerx,workery,workerz 
> worker.lbroute.sticky_session=1
> 
> worker.workerX.port=1234 worker.workerX.host=$$$.com 
> worker.workerX.type=ajp13 worker.workerX.lbfactor=1
> 
> As  I am using jboss EAP, I am pasting the config from my
> standalone.xml
> 
>  default-virtual-server="default-host" instance-id="worker10" 
> native="false">  protocol="HTTP/1.1" socket-binding="http"/>  scheme="http" protocol="HTTP/1.1" socket-binding="https"
> secure="true">  certificate-key-file="" protocol=""/>   name="ajp" scheme="http" protocol="AJP/1.3" socket-binding="ajp"/>

I suppose this has a default port number (8009?) and it matches what
you have in worker.workerX.port?

You shouldn't be using any OpenSSL for the the AJP connector, so
proxied requests via AJP shouldn't trigger the OpenSSL errors. A full
stack trace would be very helpful.

I don't see anything immediately obvious. Do you have a firewall
between httpd and Tomcat? Has it been configured to leave the
connections open forever? If not, you might want to consider
configuring CPING/CPONG at intervals (look at the AJP connector
configuration reference and search for cping/cpong to see how to do that
).

If you decide to change your timeout values (I don't see a reason to
do so unless you are encountering some kind of related problem, and I
don't consider this to be a related problem), make sure they are
consistent between mod_jk and Tomcat's AJP connector.

Any chance the 400 responses always come from the same httpd instance
or Tomcat instance?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVOB1GAAoJEBzwKT+lPKRY51AQAJCuO+cuurN9CshykgXm+M2V
P+oSLO3wCRrF8WhJtzDz/CfIGT6T679lQSAbMBNliVrxuu+Q+/UbAS4rHcAkO2Ou
GRCb1xCX1qoSpl5qmppFsJMMMAZE7NhWP3ZkCC/FdRyj+Lb4ZJcuKmx8LaIEfuvF
akWUhJD1sYAhclyYInpF78kXOyBcuP1/6dOtXtlUqZ0JuZiDGHEgdywVRJiZjzpz
aTxSdz0AkL4/7svPBn5I6foV2vLUKindQjSn2L1Mjq5TsbEo3Dhe9xxSCL7dmK8u
ZJ7Wp8Hi7Z3NrVMNf4YnLiChKhWN9mIhucMQMsY9nez7h2GO2P0LrVo5XRJV5R65
gzagTK1qSHjKrGJqvuBY757j3rsnG9jNEPVixg1IqIA/JIuC/CfO+eVsVsUJAQSH
3KuF3Ata098fBQAMxb9O4vegBm/JRjwJYeKXb+b+fjDIr6QFFgUBv8DNv7cultG9
zDVfZQ2vJqb+TBz5kf8gI5G0ZcwkL2+WveUt+GzvRRbAXiyTmCwIoMGDesi5VIx5
ojUcRWccXjKj6Cg3DKNqWw137/Cre+xVKgepkTjpPOQ0dyAK3G2cUuCgZhJy3OQj
FPtfg4vXS5BJQLZCNVWktkLGaQqRwHTIeM7EAwvbaDh+290fZcg1vW99zqCGCLgt
ksfiwrTNMLcEDPX//PrL
=KsRp
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Razi


Hi Christopher,

Thanks for looking into this.

Any random request fails, ajax or non-ajax.

The worker.properties is as follows::

worker.lbroutex.type=lb
worker.lbroutex.balance_workers=workerx,workery,workerz
worker.lbroute.sticky_session=1

worker.workerX.port=1234
worker.workerX.host=$$$.com
worker.workerX.type=ajp13
worker.workerX.lbfactor=1

As  I am using jboss EAP, I am pasting the config from my standalone.xml

default-virtual-server="default-host" instance-id="worker10" native="false">
   socket-binding="http"/>
   socket-binding="https" secure="true">
  protocol=""/>

   
   socket-binding="ajp"/>

   
  
  
   


Warm Regards
Razi A. Ansari

-Original Message- 
From: Christopher Schultz

Sent: Wednesday, April 22, 2015 10:47 PM
To: Tomcat Users List
Subject: Re: Apache Tomcat jk connector 400 bad request

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/21/15 5:18 PM, Razi wrote:

Another bit of information I wanted to add.

The apache error log is peppered with the following line : OpenSSL
: I/O error, 5 bytes expected to read on BIO#...


Are those errors correlated with the AJAX failures?

Do non-AJAX requests fail in this way?

Please copy/paste your Tomcat  configuration as well as
your mod_jk properties for this worker.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVN7RlAAoJEBzwKT+lPKRY9swP/3zVEi9HE2Y5LshvuasAsk1R
FiSty8XMgcsNcdM7DNG44TWHlxzaI8NjSxeoVbQAY1ENjGyz7PhkiRiD4CLBXV70
/DnlILOy/M5vT+O7pcdW0tHsF9XmeewkcN1VAef3fp3f+NbQU6U1xXpwDp+yWETy
7jOB0yBA/aqJPwkxqdfHd4BCi0+BvJBgUoSJ3vo67oYSA5lo0u/42zRWRgD1513k
u14EJuYQfcevkwUMiX75KehvBqSj8O31zoYOBbeUjQSq2qshpJ+RKnDny1ZibHT5
ZfbtPEP9lvZChS/qdiz+vqHVQqPp67qnkDf4aO+TehSNyRfJ/vzMP93fwELWa4dB
/AqAvOpxhN0bq9NN6vHLce5TY/5b6hhTGHuPqR8zXCS0VS8lgKGqkCJ5NmJfkAw/
Vdx0y60Uad01fCbSipT+/8X9zRpvOiaxvqix1s8NuiOHFdjDXEdnck0JdkWq4Wnm
2RfhZ9u9WixDEaS2lUQabSmHYxbB2gQBaL0kWQdttwaEKIaoXIry3IcEAreS8C9K
ELloPXCR1qQXAv71Up31VYkK2jXmTE8QMIKrJOcd2hZPAQExKvVur2jTp/TFRa30
a2Qr2Gebnv9qwdJoM3bVTshgEROOMIMicOAGSn1juwOQ478u9TA2zKDJIALP7VyG
9/7QwAFFNxHMjghzzVXy
=mWJG
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Razi,

On 4/21/15 5:18 PM, Razi wrote:
> Another bit of information I wanted to add.
> 
> The apache error log is peppered with the following line : OpenSSL
> : I/O error, 5 bytes expected to read on BIO#...

Are those errors correlated with the AJAX failures?

Do non-AJAX requests fail in this way?

Please copy/paste your Tomcat  configuration as well as
your mod_jk properties for this worker.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVN7RlAAoJEBzwKT+lPKRY9swP/3zVEi9HE2Y5LshvuasAsk1R
FiSty8XMgcsNcdM7DNG44TWHlxzaI8NjSxeoVbQAY1ENjGyz7PhkiRiD4CLBXV70
/DnlILOy/M5vT+O7pcdW0tHsF9XmeewkcN1VAef3fp3f+NbQU6U1xXpwDp+yWETy
7jOB0yBA/aqJPwkxqdfHd4BCi0+BvJBgUoSJ3vo67oYSA5lo0u/42zRWRgD1513k
u14EJuYQfcevkwUMiX75KehvBqSj8O31zoYOBbeUjQSq2qshpJ+RKnDny1ZibHT5
ZfbtPEP9lvZChS/qdiz+vqHVQqPp67qnkDf4aO+TehSNyRfJ/vzMP93fwELWa4dB
/AqAvOpxhN0bq9NN6vHLce5TY/5b6hhTGHuPqR8zXCS0VS8lgKGqkCJ5NmJfkAw/
Vdx0y60Uad01fCbSipT+/8X9zRpvOiaxvqix1s8NuiOHFdjDXEdnck0JdkWq4Wnm
2RfhZ9u9WixDEaS2lUQabSmHYxbB2gQBaL0kWQdttwaEKIaoXIry3IcEAreS8C9K
ELloPXCR1qQXAv71Up31VYkK2jXmTE8QMIKrJOcd2hZPAQExKvVur2jTp/TFRa30
a2Qr2Gebnv9qwdJoM3bVTshgEROOMIMicOAGSn1juwOQ478u9TA2zKDJIALP7VyG
9/7QwAFFNxHMjghzzVXy
=mWJG
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Razi Ansari



Hi Marcos
Thanks for the comment.
I am using apache to serve static content and it works well. Its just these 
random requests that fail with 400.
I am trying out using a slightly higher value of the KeepAliveTimeout.
I wanted to get some advise from the experts in this forum . Thanks.


 Original message 
From: Marcos Almeida Azevedo 
Date: 04/22/2015  3:37 PM  (GMT+08:00)
To: Tomcat Users List 
Subject: Re: Apache Tomcat jk connector 400 bad request

On Wed, Apr 22, 2015 at 5:18 AM, Razi  wrote:

> hi there,
>
> Another bit of information I wanted to add.
>
> The apache error log is peppered with the following line : OpenSSL : I/O
> error, 5 bytes expected to read on BIO#...
>
> Warm Regards
> Razi A. Ansari
>
>
> From: Razi
> Sent: Tuesday, April 21, 2015 8:37 AM
> To: users@tomcat.apache.org
> Subject: Apache Tomcat jk connector 400 bad request
>
> Hi there,
>
> I would like to explain my scenario, perhaps this has been answered on
> this forum.
>
> A bunch of random Ajax requests from the browser (IE9) end up with a 400
> error code on the apache webserver and the the browser hangs for 5 minutes.
> Httpwatch shows the error code as ERROR_INTERNET_CONNECTION_RESET and then
> immediately afterwards IE fires the same request again, which shows up with
> a time taken of 5 minutes and error code as
> ERROR_HTTP_INVALID_SERVER_RESPONSE. The browser recovers after 5 minutes.
>
> Further investigation on the webserver and appserver logs reveals the
> following::
>   a.. The request comes from the browser and hits the webserver and then
> forwards to the appserver instantly.
>   b.. The mod_jk log for the request shows that there is time duration of
> 5 minutes spent in the ajp_read_fully_server::jk_ajp_common.c(1399): enter.
> After 5 minutes I get the next line as follows
> ajp_read_fully_server::jk_ajp_common.c(1432): exit. Then in the next line i
> see the following ajp_send_request::jk_ajp_common.c(1766) worker 11 browser
> stop sending data, no need to recover. Later it shows unrecoverable 400,
> request failed.
>   c.. The forensic.log show the content length as a nonzero value.
>   d.. The applcation server log hangs in the
> org.apache.coyote.ajp.AjpProcessor.read method for 5 mintues and the
> continues the execution. The thread dump also confirms this.
> The questions I have are::
>   a.. Is this a problem with IE only because of the keepalive timeout and
> the apache webserver keepalive time(current value is set to 5seconds) out
> which is not in sync.
>   b.. Is this a problem with the appserver not able to process requests
> that are bad/incomplete.
>   c.. Should I increase the Apache webserver timeout value to 60s or more
> , will this have any performance impact.
> Kindly advise on the scenario. Many thanks for reading through.
>
> Current setup:
> Apache 2.2.24
> Mod_jk 1.2.37
> Redhat Linux VM
> JBoss EAP 6.1.0
> JSF 2.1, Richfaces 3.3.4
>
>
First, I apologize if my comment is offtopic.  But you may also consider
fronting nginx instead of Apache httpd.  It is very easy to configure as
reverse proxy for your tomcat and also serve your static files.  If Apache
is really a requirement kindly ignore my comment


>
>
>
> Warm Regards
> Razi A. Ansari
>



--
Marcos | I love PHP, Linux, and Java
<http://javadevnotes.com/java-string-length-examples>

Re: Apache Tomcat jk connector 400 bad request

2015-04-22 Thread Marcos Almeida Azevedo

On Wed, Apr 22, 2015 at 5:18 AM, Razi  wrote:

> hi there,
>
> Another bit of information I wanted to add.
>
> The apache error log is peppered with the following line : OpenSSL : I/O
> error, 5 bytes expected to read on BIO#...
>
> Warm Regards
> Razi A. Ansari
>
>
> From: Razi
> Sent: Tuesday, April 21, 2015 8:37 AM
> To: users@tomcat.apache.org
> Subject: Apache Tomcat jk connector 400 bad request
>
> Hi there,
>
> I would like to explain my scenario, perhaps this has been answered on
> this forum.
>
> A bunch of random Ajax requests from the browser (IE9) end up with a 400
> error code on the apache webserver and the the browser hangs for 5 minutes.
> Httpwatch shows the error code as ERROR_INTERNET_CONNECTION_RESET and then
> immediately afterwards IE fires the same request again, which shows up with
> a time taken of 5 minutes and error code as
> ERROR_HTTP_INVALID_SERVER_RESPONSE. The browser recovers after 5 minutes.
>
> Further investigation on the webserver and appserver logs reveals the
> following::
>   a.. The request comes from the browser and hits the webserver and then
> forwards to the appserver instantly.
>   b.. The mod_jk log for the request shows that there is time duration of
> 5 minutes spent in the ajp_read_fully_server::jk_ajp_common.c(1399): enter.
> After 5 minutes I get the next line as follows
> ajp_read_fully_server::jk_ajp_common.c(1432): exit. Then in the next line i
> see the following ajp_send_request::jk_ajp_common.c(1766) worker 11 browser
> stop sending data, no need to recover. Later it shows unrecoverable 400,
> request failed.
>   c.. The forensic.log show the content length as a nonzero value.
>   d.. The applcation server log hangs in the
> org.apache.coyote.ajp.AjpProcessor.read method for 5 mintues and the
> continues the execution. The thread dump also confirms this.
> The questions I have are::
>   a.. Is this a problem with IE only because of the keepalive timeout and
> the apache webserver keepalive time(current value is set to 5seconds) out
> which is not in sync.
>   b.. Is this a problem with the appserver not able to process requests
> that are bad/incomplete.
>   c.. Should I increase the Apache webserver timeout value to 60s or more
> , will this have any performance impact.
> Kindly advise on the scenario. Many thanks for reading through.
>
> Current setup:
> Apache 2.2.24
> Mod_jk 1.2.37
> Redhat Linux VM
> JBoss EAP 6.1.0
> JSF 2.1, Richfaces 3.3.4
>
>
First, I apologize if my comment is offtopic.  But you may also consider
fronting nginx instead of Apache httpd.  It is very easy to configure as
reverse proxy for your tomcat and also serve your static files.  If Apache
is really a requirement kindly ignore my comment


>
>
>
> Warm Regards
> Razi A. Ansari
>



-- 
Marcos | I love PHP, Linux, and Java

Re: Apache Tomcat jk connector 400 bad request

2015-04-21 Thread Razi

hi there,

Another bit of information I wanted to add.

The apache error log is peppered with the following line : OpenSSL : I/O error, 
5 bytes expected to read on BIO#...

Warm Regards
Razi A. Ansari


From: Razi 
Sent: Tuesday, April 21, 2015 8:37 AM
To: users@tomcat.apache.org 
Subject: Apache Tomcat jk connector 400 bad request 

Hi there,

I would like to explain my scenario, perhaps this has been answered on this 
forum.

A bunch of random Ajax requests from the browser (IE9) end up with a 400 error 
code on the apache webserver and the the browser hangs for 5 minutes. Httpwatch 
shows the error code as ERROR_INTERNET_CONNECTION_RESET and then immediately 
afterwards IE fires the same request again, which shows up with a time taken of 
5 minutes and error code as  ERROR_HTTP_INVALID_SERVER_RESPONSE. The browser 
recovers after 5 minutes.

Further investigation on the webserver and appserver logs reveals the 
following::
  a.. The request comes from the browser and hits the webserver and then 
forwards to the appserver instantly. 
  b.. The mod_jk log for the request shows that there is time duration of 5 
minutes spent in the ajp_read_fully_server::jk_ajp_common.c(1399): enter. After 
5 minutes I get the next line as follows 
ajp_read_fully_server::jk_ajp_common.c(1432): exit. Then in the next line i see 
the following ajp_send_request::jk_ajp_common.c(1766) worker 11 browser stop 
sending data, no need to recover. Later it shows unrecoverable 400, request 
failed. 
  c.. The forensic.log show the content length as a nonzero value. 
  d.. The applcation server log hangs in the 
org.apache.coyote.ajp.AjpProcessor.read method for 5 mintues and the continues 
the execution. The thread dump also confirms this.
The questions I have are::
  a.. Is this a problem with IE only because of the keepalive timeout and the 
apache webserver keepalive time(current value is set to 5seconds) out which is 
not in sync. 
  b.. Is this a problem with the appserver not able to process requests that 
are bad/incomplete. 
  c.. Should I increase the Apache webserver timeout value to 60s or more , 
will this have any performance impact.
Kindly advise on the scenario. Many thanks for reading through.

Current setup:
Apache 2.2.24
Mod_jk 1.2.37
Redhat Linux VM
JBoss EAP 6.1.0
JSF 2.1, Richfaces 3.3.4




Warm Regards
Razi A. Ansari

Re: Apache Tomcat jk connector 400 bad request

RE: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

RE: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

RE: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

Re: Apache Tomcat jk connector 400 bad request

14 matches

Site Navigation

Mail list logo

Footer information