Re: Weird problem accessing request headers from tomcat

2011-05-30 Thread Martin Knoblauch
Hi Andre,

 see below. You are not going to hear me slapping my face, but definitely doing 
a! :-)

Cheers

Martin 
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de



- Original Message 
> From: André Warnier a...@ice-sa.com
> To: Tomcat Users List users@tomcat.apache.org
> Sent: Fri, May 27, 2011 6:01:28 PM
> Subject: Re: Weird problem accessing request headers from tomcat
>
> Hi.
>
> I believe that you are making the often-made confusion between environment
> values (or variables), and HTTP headers content.
> In particular, here :

 seems you are right.

>> Apache1 inserts the following variables into the requests it forwards to
>> Apache1 (I suppose you meant Apache2 here)
>
> No. It does not do that.  It adds some HTTP headers. This is different, see
> below.
>
>> . Apache1 (I suppose you meant Apache2 here) can see them, I have checked
>> that using cgi-bin/printenv (some values anonymized):
>>
>> HTTP_X_FORWARDED_FOR=aa.bb.cc.dd
>> HTTP_X_FORWARDED_HOST=xxx.yyy.net
>> HTTP_X_FORWARDED_PORT=443
>> HTTP_X_FORWARDED_PROTOCOL=https
>> HTTP_X_FORWARDED_SERVER=aaa.bbb.ccc
>
> Your check does not show that at all. It shows something that is just
> confusing enough to get you confused as to what you are seeing. ;-)
>
> But you have excuses for your confusion, because the Apache documentation
> itself is very confusing as to environment variables.

 Indeed, the documentation leaves this pretty diffuse.

> What the cgi-bin script sees, are indeed environment values.
> These are set by the Apache process (Apache2), just before it executes the
> cgi-bin script. So the cgi-bin script sees them in its environment when it
> runs.
> (like with $ENV{'HTTP_X_FORWARDED_PORT'})
>
> But there is no one-to-one relationship between what Apache finds in HTTP
> request headers, and the environment values which it sets for the cgi-bin
> scripts that it runs.
> Apache does convert some of the request HTTP header values into cgi-bin
> environment variables, but :
> - the name of the environment variable may be different from the
>   corresponding HTTP header label (you see this yourself above : a HTTP header
>   named X-forwarded-for: has been passed to the cgi-bin script as the
>   environment value named HTTP_X_FORWARDED_FOR)
> - not all HTTP headers are converted and passed that way
> - some environment values passed to the cgi-bin script are not, and never
>   were, HTTP headers of the request (for example, the cgi-bin environment
>   values QUERY_STRING, or SCRIPT_FILENAME)

 Ok, that definitely explains what I am seeing.

> On the other hand :
>
> When a HTTP proxy server forwards a HTTP request to another HTTP server via
> the HTTP protocol, it forwards *all* the request headers and request content
> to this other server, as a HTTP request (otherwise, it would not be a valid
> HTTP proxy server).  But it cannot forward environment values, because there
> is no defined way of doing this over the HTTP protocol. (*)
>
> But now I see your second post, and your problem is in fact much simpler.
>
> By doing this :
>> <h:outputText style="font: bold 14px sans-serif;"
>>   value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}" />
>
> what you are actually trying to retrieve, is the content of the HTTP request
> header
> X_FORWARDED_HOST: (I guess), but this HTTP header does not exist in the
> request.
> What you are giving as a HTTP header name, is actually what the cgi-bin
> environment value name was for your cgi-bin.
> Which, as I try to explain at long length above, is not the same thing.
>
> So you get back a null, and you think that the header was not there.
> But it is there, only under its real HTTP header name.
> Try something like
>   value="X_FORWARDED_HOST: #{header['X-Forwarded-for']}" />
> instead.

 Yup, using X-Forwarded-Host works as expected. Thanks a big lot.

> (Noise of self-slap on face ?).

As I said above: no self slapping. Just amazement on how much there is still to
learn after all these years :-)

> (*) However, when the proxy protocol used is AJP (as it is between Apache
> and Tomcat when using the mod_jk connector, or the mod_proxy_ajp connector),
> /then/ some additional values /can/ be passed along with the request (because
> the AJP protocol allows that). On the Tomcat side, these then appear as
> request attributes which the webapp can retrieve (via
> request.getAttribute(name)), but not as environment values of the Tomcat
> process for example.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Weird problem accessing request headers from tomcat

2011-05-27 Thread Martin Knoblauch
Hi,

 sorry for the crosspost, but I am not sure where to ask. I am trying to
understand a weird problem accessing HTTP request headers from a jsf page.

 The setup is as follows:

apache1 - apache2 - mod_jk - tomcat

Apache1 is accessible from the Internet and forwards requests to my application
to apache2. I have no direct control over the setup of apache1 and I cannot
look at the configuration. Apache2 (2.0.63 on Linux) is answering requests from
the intranet and forwards them via mod_jk (1.2.30) to two loadbalanced tomcats
(Linux, 6.0.32).

 Apache1 inserts the following variables into the requests it forwards to
Apache1. Apache1 can see them, I have checked that using cgi-bin/printenv (some
values anonymized):

HTTP_X_FORWARDED_FOR=aa.bb.cc.dd
HTTP_X_FORWARDED_HOST=xxx.yyy.net
HTTP_X_FORWARDED_PORT=443
HTTP_X_FORWARDED_PROTOCOL=https
HTTP_X_FORWARDED_SERVER=aaa.bbb.ccc

 If I try to read those variables from the tomcat application using this
facelet code:

<h:outputText style="font: bold 14px sans-serif;"
    value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}" />
<br />
<h:outputText style="font: bold 14px sans-serif;"
    value="X_FORWARDED_PROTOCOL: #{header['X_FORWARDED_PROTOCOL']}" />
<br />
<h:outputText style="font: bold 14px sans-serif;"
    value="X_FORWARDED_PORT: #{header['X_FORWARDED_PORT']}" />
<br />
<h:outputText style="font: bold 14px sans-serif;"
    value="X_FORWARDED_FOR: #{header['X_FORWARDED_FOR']}" />
<br />
<h:outputText style="font: bold 14px sans-serif;"
    value="X_FORWARDED_SERVER: #{header['X_FORWARDED_SERVER']}" />
<br />

Only X_FORWARDED_PORT and X_FORWARDED_PROTOCOL are set. The other three are
empty/null. It seems that somewhere they get dropped between Apache2, mod_jk and
Tomcat.

 Now, I know that _PORT and _PROTOCOL are inserted at Apache1 using
'RequestHeader set X_FORWARDED_PROTOCOL https', while I do not know how the
other three are generated. If I add 'RequestHeader set X_FORWARDED_HOST
xxx.yyy.net' to the configuration from apache2, the application sees that
header as well. Confused? So am I :-(

Happy weekend

Martin 
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de





RE: Weird problem accessing request headers from tomcat

2011-05-27 Thread Martin Gainty

when your Apache2 is configured as reverse-proxy you are forwarding
IP, RequestedHost and Proxy-Server specifically:

When acting in a reverse-proxy mode (using the ProxyPass directive, for
example), mod_proxy_http adds several request headers in order to pass
information to the origin server. These headers are:

X-Forwarded-For
    The IP address of the client.
X-Forwarded-Host
    The original host requested by the client in the Host HTTP request header.
X-Forwarded-Server
    The hostname of the proxy server.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

is this not the case?
Martin 

Re: Weird problem accessing request headers from tomcat

2011-05-27 Thread Martin Knoblauch
Hi Martin,

the reverse proxy (gateway) in my case would be apache1 me thinks. apache2
definitely does not use mod_proxy/ProxyPass. It is just loadbalancing two
tomcat instances using mod_jk.

My problem is (maybe I was not clear) that apache2 does see the
X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers apparently
added by apache1, but that those are not visible in the requests reaching
tomcat. If, just as an experiment, I use RequestHeader set in the apache2
ssl configuration, tomcat sees them. Same is true for the _PORT and
_PROTOCOL headers that are added on apache1 via RequestHeader set.

Did I express myself better this time? There must be some handling differences
between headers added from mod_proxy (if that is used by apache1 I will not
find out before some time next week) and those added by mod_headers.

Thanks

Martin :-)
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de




Re: Weird problem accessing request headers from tomcat

2011-05-27 Thread André Warnier

Hi.

I believe that you are making the often-made confusion between environment values (or
variables), and HTTP headers content.

In particular, here :

> Apache1 inserts the following variables into the requests it forwards to
> Apache1 (I suppose you meant Apache2 here)

No. It does not do that.  It adds some HTTP headers. This is different, see
below.

> . Apache1 (I suppose you meant Apache2 here) can see them, I have checked that using
> cgi-bin/printenv (some values anonymized):
>
> HTTP_X_FORWARDED_FOR=aa.bb.cc.dd
> HTTP_X_FORWARDED_HOST=xxx.yyy.net
> HTTP_X_FORWARDED_PORT=443
> HTTP_X_FORWARDED_PROTOCOL=https
> HTTP_X_FORWARDED_SERVER=aaa.bbb.ccc

Your check does not show that at all. It shows something that is just confusing enough to
get you confused as to what you are seeing. ;-)

But you have excuses for your confusion, because the Apache documentation itself is very
confusing as to environment variables.

What the cgi-bin script sees, are indeed environment values.
These are set by the Apache process (Apache2), just before it executes the cgi-bin script.
So the cgi-bin script sees them in its environment when it runs.
(like with $ENV{'HTTP_X_FORWARDED_PORT'})

But there is no one-to-one relationship between what Apache finds in HTTP request headers,
and the environment values which it sets for the cgi-bin scripts that it runs.
Apache does convert some of the request HTTP header values into cgi-bin environment
variables, but :
- the name of the environment variable may be different from the corresponding HTTP header
  label (you see this yourself above : a HTTP header named X-forwarded-for: has been
  passed to the cgi-bin script as the environment value named HTTP_X_FORWARDED_FOR)
- not all HTTP headers are converted and passed that way
- some environment values passed to the cgi-bin script are not, and never were, HTTP
  headers of the request (for example, the cgi-bin environment values QUERY_STRING, or
  SCRIPT_FILENAME)

On the other hand :

When a HTTP proxy server forwards a HTTP request to another HTTP server via the HTTP
protocol, it forwards *all* the request headers and request content to this other server,
as a HTTP request (otherwise, it would not be a valid HTTP proxy server).  But it cannot
forward environment values, because there is no defined way of doing this over the HTTP
protocol. (*)

But now I see your second post, and your problem is in fact much simpler.

By doing this :
> <h:outputText style="font: bold 14px sans-serif;"
>  value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}" />

what you are actually trying to retrieve, is the content of the HTTP request
header
X_FORWARDED_HOST: (I guess), but this HTTP header does not exist in the
request.
What you are giving as a HTTP header name, is actually what the cgi-bin environment value
name was for your cgi-bin.
Which, as I try to explain at long length above, is not the same thing.

So you get back a null, and you think that the header was not there.
But it is there, only under its real HTTP header name.
Try something like
  value="X_FORWARDED_HOST: #{header['X-Forwarded-for']}" />
instead.

(Noise of self-slap on face ?).

(*) However, when the proxy protocol used is AJP (as it is between Apache and Tomcat when
using the mod_jk connector, or the mod_proxy_ajp connector), /then/ some additional values
/can/ be passed along with the request (because the AJP protocol allows that). On the
Tomcat side, these then appear as request attributes which the webapp can retrieve (via
request.getAttribute(name)), but not as environment values of the Tomcat process for
example.
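
Added example (not part of any message in this thread): a small Python model of the CGI naming rule versus a header lookup, reproducing what printenv showed and why only two of the five lookups succeeded. The header list is constructed from the values quoted in the thread; the lookup function is an assumption modelled on a case-insensitive lookup such as HttpServletRequest.getHeader, and all function names are hypothetical.

```python
"""CGI variable naming vs. HTTP header lookup, on constructed sample data."""

# Constructed sample: request headers as they arrive in the thread's setup.
# Three names use hyphens; two were set upstream with
# 'RequestHeader set X_FORWARDED_...' and so really contain underscores.
REQUEST_HEADERS = [
    ("X-Forwarded-For", "aa.bb.cc.dd"),
    ("X-Forwarded-Host", "xxx.yyy.net"),
    ("X-Forwarded-Server", "aaa.bbb.ccc"),
    ("X_FORWARDED_PORT", "443"),
    ("X_FORWARDED_PROTOCOL", "https"),
]


def cgi_env_name(header_name):
    """CGI variable name for a request header (RFC 3875 rule):
    prefix HTTP_, upper-case the name, replace '-' with '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def cgi_environment(headers):
    """What a CGI script such as printenv sees for these headers."""
    return {cgi_env_name(name): value for name, value in headers}


def get_header(headers, wanted):
    """Assumed lookup semantics: case-insensitive on the name, but '-' and
    '_' are different characters. Returns None when the header is absent."""
    for name, value in headers:
        if name.lower() == wanted.lower():
            return value
    return None


def ambiguous_names(headers):
    """Distinct header names that collapse onto the same CGI variable,
    which shows that the CGI name cannot be mapped back to one header."""
    groups = {}
    for name, _ in headers:
        groups.setdefault(cgi_env_name(name), set()).add(name.lower())
    return {env: sorted(n) for env, n in groups.items() if len(n) > 1}


if __name__ == "__main__":
    # printenv view: all five look alike, the hyphen/underscore difference is gone.
    for env, value in sorted(cgi_environment(REQUEST_HEADERS).items()):
        print(f"{env}={value}")
    # Lookups by the underscore names used in the facelet.
    for suffix in ("FOR", "HOST", "SERVER", "PORT", "PROTOCOL"):
        print(suffix, get_header(REQUEST_HEADERS, "X_FORWARDED_" + suffix))
    # Lookup by the real header name.
    print(get_header(REQUEST_HEADERS, "x-forwarded-host"))
    # Constructed extra header differing only in '-' versus '_'.
    both = REQUEST_HEADERS + [("X_Forwarded_Host", "constructed.example")]
    print(ambiguous_names(both))
```

Because the mapping is lossy, the CGI environment is the wrong place to learn a header's real name; a raw request dump or an access-log format that prints the header shows the name the application has to ask for.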

