On 18/01/13 11:27, André Warnier wrote:
I don't know if this really helps or improves things, but the standard way of
handling the
Location in redirects is via the ProxyPassReverse directive (which is probably
more
efficient here - and more easily understood - than the Header-edit).
The ProxyPassReverse directive should work whether you use ProxyPass or not.
Hi Andre,
Yes - I agree about ProxyPassReverse - that likely would fix the
redirect incorrectness.
I do not really understand the problem with the "Origin" header though.
Proxying from httpd to Tomcat (even with a differenr hostname) is a widely-used
thing, and
I have never heard of this kind of issue before.
May be something specific to j_security_check, I just don't know.
If you stop editing the request headers, and forward the requests via
ProxyPass, do you
get this problem also ?
I will try -
A RewriteRule .. .. [P] should be equivalent to a ProxyPass, but just in
case there is a subtle difference I will give it a try.
I prefer the rewrite rules as there are a bunch of them for other
reasons and not mixing RewriteRule with ProxyPass makes it very clear
what order they are being actioned (which is important).
Re: j_security_check: I have see a load of issues reported that match
this problem - usually the person reports a 408 error and everyone piles
in and tries to "solve" that with increasing timeout settings.
the 408 is clearly erroneous - and having "fixed" it myself by editing
the Origin header, that's clearly the causal factor.
Oddly enough, I did my usual trick of downloading the source code (for
tomcat 6) and doing a recursive grep for any mention of the Origin:
header. I found nothing! Which makes me wonder if the problem originates
in a generic Java library???
The whole damn thing is so poorly documented (or at least all I could
find was a document on who to enable auth checking) that I'm not able to
tell if there are some options that I *could* be setting in the web.xml
or somewhere.
It seems reasonable that it might whine about a cross-site auth effort,
but equally there should be a way to explicitly permit that, at least
for a named VHOST. As you say, proxying is very common - for load
balancing if nothing else.
I'll go and try your suggestions -
Thanks :)
Tim
Maybe you should also look at ProxypassReverseCookieDomain ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
Tim Watts Tel (VOIP): +44 (0)1580 848360
Systems Manager Digital Humanities, King's College London
Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/
Personal Blog: http://squiddy.blog.dionic.net/
"She got her looks from her father. He's a plastic surgeon."
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org