Weird problerm accessing request headers from tomcat

Fri, 27 May 2011 05:53:46 -0700 

Hi,

 sorry for the crosspost, but I am not sure where to ask. I am trying to 
understand a weird problem accessing HTTP request headers from a jsf page.

 The setup is as follows:

apache1 -> apache2 -> mod_jk -> tomcat

Apache1 is accessible from the Internet and forwards requests to my application 
to apache2. I have no direct control over the setup of apache1 and I cannot 
look 
at the configuration. Apache2 (2.0.63 on Linux) is answering requests from the 
intranet and forwards them via mod_jk (1.2.30) to two loadbanced tomcats 
(Linux, 
6.0.32).

 Apache1 inserts the following variables into the requests it forwards to 
Apache1. Apache1 can see them, I have checked that using cgi-bin/printenv (some 
values anonymized):

HTTP_X_FORWARDED_FOR="aa.bb.cc.dd"
HTTP_X_FORWARDED_HOST="xxx.yyy.net"
HTTP_X_FORWARDED_PORT="443"
HTTP_X_FORWARDED_PROTOCOL="https"
HTTP_X_FORWARDED_SERVER="aaa.bbb.ccc"

 If I try to read those variables from the tomcat application using this 
facelett code:

        <h:outputText style="font: bold 14px sans-serif;"
                value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}" />
        <br />
        <h:outputText style="font: bold 14px sans-serif;"
                value="X_FORWARDED_PROTOCOL: #{header['X_FORWARDED_PROTOCOL']}" 
/>
        <br />
        <h:outputText style="font: bold 14px sans-serif;"
                value="X_FORWARDED_PORT: #{header['X_FORWARDED_PORT']}" />
        <br />
        <h:outputText style="font: bold 14px sans-serif;"
                value="X_FORWARDED_FOR: #{header['X_FORWARDED_FOR']}" />
        <br />
        <h:outputText style="font: bold 14px sans-serif;"
                value="X_FORWARDED_SERVER: #{header['X_FORWARDED_SERVER']}" />
        <br />

 
Only X_FORWARDED_PORT and X_FORWARDED_PROTOCOL are set. The other three are 
empty/null. It seem that somewhere they get dropped between Apache2, mod_jk and 
Tomcat.

 Now, I know that _PORT and _PROTOCOL are inserted at Apache1 using 
'RequestHeader set X_FORWARDED_PROTOCOL "https"', while I do not know how the 
other three are generated. If I add 'RequestHeader set X_FORWARDED_HOST 
"xxx.yyy.net"' to the configuration from apache2, the application sees that 
header as well. Confused? so am I :-(

Happy weekend

Martin 
------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to