Mon, 7 Oct 2019 at 14:23, Martin Knoblauch <kn...@knobisoft.de>:
>
> Dear fellow Tomcat users,
>
>  recently we migrated our application from Tomcat7 to Tomcat9. Most things
> work great so far, but we observed one issue. Basically serving static pages
> has stopped for us.
>
>  Our setup is Tomcat (7.0.62 or 9.0.12) behind Apache HTTPD (2.4.41 using
> mod_jk 1.2.46). Yes, 9.0.12 is not recent, but we are forced to that
> version.
>
> The mod_jk configuration basically looks like:
>
> <IfModule !mod_jk.c>
>   LoadModule jk_module modules/mod_jk.so
>
>   JkWorkersFile "conf/cb2/workers.properties"
>   JkShmFile "logs/jk-runtime-status"
>   JkLogFile "logs/mod_jk.log"
>   JkLogLevel info
>   JkWatchdogInterval 60
> </IfModule>
>
> And then later inside a virtual host:
>
> #
> # CB2 - Portal
> #
> # Mount the "/cb2" application to worker "cb2"
> #
>     JkMount /cb2/* cb2
> #
> # Unmount "/cb2/docs" from worker "cb2" to allow static content
> # beeing served by apache. Same for "/cb2/cgi-bin"
> #
>     JkUnMount /cb2/docs/* cb2
>
> So we JkUnMount the "/cb2/docs" directory from the application base in
> order to serve the content directly from Apache. "docs" itself is a
> symbolic link pointing outside the application base.
>
> With TC7, we observe the following in the apache access_log:
>
> [07/Oct/2019:12:30:47 +0200] [2 ms] 160.46.219.110 - "POST /cb2/docs
> HTTP/1.1" s:302 l:- S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
> [07/Oct/2019:12:30:47 +0200] [20 ms] 160.46.219.110 - "GET /cb2/docs/
> HTTP/1.1" s:200 l:6367 S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
>
> So the POST from the application is redirected to the static content, which
> is served OK.

A web server will happily serve static content in response to a
POST request. The redirect happens because you are requesting a
directory and your request URI does not end with a '/'.

> With TC9 we see:
>
> [05/Oct/2019:02:58:13 +0200] [0 ms] #160.46.219.110# - "GET /docs HTTP/1.1"
> s:404 l:196 S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
>
> As said, the major difference between the setups is TC7 vs. TC9. Any ideas
> for me to follow? I did not find anything in the migration 7->8 or 8->9
> guides.

1. In your access log here I see "GET /docs" instead of "/cb2/docs".
Is it intentional?

2. For Tomcat to issue a redirect, the "docs" directory must be
present in your web application. It can be empty, but it must be
present. (If there is none, Tomcat does not know that the requested
resource is a directory).

3. Starting with some version (January 2016) the default place where
the redirect is issued by Tomcat was moved from Mapper (in earlier
stages of request processing) to the DefaultServlet. This behaviour is
controlled by configuration attributes on a Context (in the file
META-INF/context.xml of your web application). See CVE-2015-5345

http://tomcat.apache.org/security-9.html

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
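The request flow discussed in this thread, as an added example that is not part of the original messages or of Tomcat or mod_jk: a small Python model of the httpd/mod_jk routing (JkMount vs. JkUnMount) and of the Tomcat directory redirect, enough to reproduce the TC7 access-log pair (POST /cb2/docs -> 302, GET /cb2/docs/ -> 200) and the TC9 404 offline. Assumptions, all mine: mod_jk matching is simplified to "a '/x/*' pattern matches everything under '/x/' but not '/x' itself, and JkUnMount wins over JkMount"; Tomcat is simplified to "the trailing-slash redirect for a directory is issued by the Mapper when the Context attribute mapperDirectoryRedirectEnabled is true, otherwise only by the DefaultServlet, and only if the directory exists in the webapp"; the names TomcatContext, jk_route, tomcat_handle and simulate, the app url-pattern "/portal/*", and the 200 answers for static files and welcome files are constructed for the example.

```python
# Added example (not from the thread): offline model of mod_jk routing plus the Tomcat
# directory redirect, to show why "/cb2/docs" works on TC7 and 404s on TC9.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Trace = List[Tuple[str, int, str]]          # (who answered, HTTP status, request URI)

MOUNTS = [("/cb2/*", "cb2")]                 # JkMount /cb2/* cb2      (from the thread)
UNMOUNTS = [("/cb2/docs/*", "cb2")]          # JkUnMount /cb2/docs/* cb2 (from the thread)


def jk_matches(pattern: str, uri: str) -> bool:
    """Simplified mod_jk pattern test (assumption): '/x/*' matches URIs under '/x/',
    so '/cb2/docs/*' covers '/cb2/docs/' and '/cb2/docs/a.html' but NOT '/cb2/docs'."""
    if pattern.endswith("/*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern


def jk_route(uri: str, mounts=MOUNTS, unmounts=UNMOUNTS) -> Optional[str]:
    """Worker name if mod_jk forwards the request to Tomcat, None if httpd serves it.
    JkUnMount rules are checked first so they override the broader JkMount."""
    if any(jk_matches(p, uri) for p, _ in unmounts):
        return None
    for p, worker in mounts:
        if jk_matches(p, uri):
            return worker
    return None


@dataclass
class TomcatContext:
    path: str                                      # context path, e.g. "/cb2"
    directories: set = field(default_factory=set)  # directories present under the webapp docBase
    mapper_directory_redirect: bool = False        # Context attribute mapperDirectoryRedirectEnabled
    app_servlet_patterns: List[str] = field(default_factory=list)  # url-patterns of the app's servlets


def tomcat_handle(ctx: TomcatContext, uri: str) -> Tuple[int, Optional[str]]:
    """(status, Location) from a simplified Tomcat (assumption, see lead-in).
    A directory requested without a trailing '/' is redirected by the Mapper when
    mapperDirectoryRedirectEnabled is true, else only by the DefaultServlet, i.e. only
    when no application servlet owns the path. Either way the directory must exist in
    the webapp; otherwise Tomcat has no way to know the path is a directory."""
    assert uri.startswith(ctx.path), "mod_jk only forwards URIs under the mounted context"
    rel = uri[len(ctx.path):] or "/"               # "/cb2/docs" -> "/docs"
    is_dir = rel.strip("/") in ctx.directories
    if is_dir and not rel.endswith("/"):
        default_servlet_owns_it = not any(jk_matches(p, rel) for p in ctx.app_servlet_patterns)
        if ctx.mapper_directory_redirect or default_servlet_owns_it:
            return 302, uri + "/"
        return 404, None                           # an app servlet answers instead; modelled as 404
    if is_dir:
        return 200, None                           # welcome file assumed present (constructed)
    return 404, None                               # unknown resource


def simulate(uri: str, ctx: TomcatContext, mounts=MOUNTS, unmounts=UNMOUNTS) -> Trace:
    """Hop-by-hop trace of who answered, following one 302 the way the client in the log did."""
    trace: Trace = []
    for _ in range(3):                             # guard against redirect loops
        worker = jk_route(uri, mounts, unmounts)
        if worker is None:
            trace.append(("httpd", 200, uri))      # static file on disk, assumed present (constructed)
            return trace
        status, location = tomcat_handle(ctx, uri)
        trace.append(("tomcat:" + worker, status, uri))
        if status != 302:
            return trace
        uri = location
    return trace


def tc7_like() -> Trace:
    """Old behaviour: the Mapper issues the redirect and 'docs' exists in the webapp."""
    ctx = TomcatContext("/cb2", {"docs"}, mapper_directory_redirect=True, app_servlet_patterns=["/portal/*"])
    return simulate("/cb2/docs", ctx)


def tc9_missing_docs_dir() -> Trace:
    """Newer default: no 'docs' directory in the webapp, so nothing tells Tomcat to redirect."""
    ctx = TomcatContext("/cb2", set(), mapper_directory_redirect=False, app_servlet_patterns=["/portal/*"])
    return simulate("/cb2/docs", ctx)


def tc9_with_placeholder_dir() -> Trace:
    """Newer default plus an empty 'docs' placeholder directory: the DefaultServlet redirects again."""
    ctx = TomcatContext("/cb2", {"docs"}, mapper_directory_redirect=False, app_servlet_patterns=["/portal/*"])
    return simulate("/cb2/docs", ctx)


if __name__ == "__main__":
    for name, fn in (("TC7-like", tc7_like), ("TC9, no docs dir", tc9_missing_docs_dir),
                     ("TC9, empty docs dir", tc9_with_placeholder_dir)):
        print(name, fn())
```

The two things the model makes visible are that "/cb2/docs" (no trailing slash) is not covered by JkUnMount /cb2/docs/* and therefore always reaches Tomcat, and that the only way it ever comes back out to httpd is the 302 to "/cb2/docs/", which Tomcat can issue only if a "docs" directory (empty is enough) exists inside the webapp. Whether that redirect comes from the Mapper or the DefaultServlet is what the mapperDirectoryRedirectEnabled Context attribute selects in the model.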
