André: 1- So how come the requests are made to the host "localhost" ? I think this is so, because <VirtualHost *:80>. 2- Is this the one and only VirtualHost in Apache ? This is the only virtual host.
Best regards -- [Adrián Córdoba] 2011/7/22 André Warnier <a...@ice-sa.com> > Adrián Córdoba wrote: > >> Well... >> 1- I delete the "Directory" section from httpd.conf file. >> 2- I add "JkMount /Andromeda worker1" to the virtual host. >> 3- I add dynamic content to index.jsp page >> So I proved the content is served by Tomcat. But I have the same problem: >> I >> cannot view the content of protected section of my web application through >> Apache web server. >> >> If I access directly to Tomcat (skipping httpd), I can see the protected >> content. >> >> > Ok, so what does that tell us ? > - that the webapp in Tomcat seems to work as it should > - that at least some requests going through Apache are being forwarded to > Tomcat > - but obviously, that at least one response page is different, at the > browser level, when it is coming back (or not) through Apache, than when it > is coming back directly from Tomcat > > So we must find out what the difference is. > And the easiest way to find that out - at least at the first level - is a > plugin added to the browser, which would show the real content of that > response which appears as a blank page. > Do it. > > Incidentally, the logfile below does not show any error. > But it shows only the requests made to Apache httpd. > It would not, for example, show us if the browser, for whatever reason, > decided to send a request to www.google.com, and got a blank page in > response. > But the browser plugin would show you that. > > > Now wait a minute.. > The logfile below shows requests made to "localhost". > But if I remember correctly, this was a VirtualHost, with "ASIA" as > ServerName. > So how come the requests are made to the host "localhost" ? > Is this the one and only VirtualHost in Apache ? > > Access log in httpd is: >> ------------------------------**------------------------ >> ::1 - - [21/Jul/2011:21:27:18 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 >> "-" >> "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) >> Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:27:21 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 >> "-" >> "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) >> Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:27:21 -0300] "GET /Andromeda/StyleSheet.css >> HTTP/1.1" 304 - "http://localhost/Andromeda/"; "Mozilla/5.0 (X11; Linux >> i686) >> AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:27:22 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 >> "-" >> "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) >> Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:27:22 -0300] "GET /Andromeda/StyleSheet.css >> HTTP/1.1" 304 - "http://localhost/Andromeda/"; "Mozilla/5.0 (X11; Linux >> i686) >> AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:27:24 -0300] "GET /Andromeda/internal/internal.** >> jsp >> HTTP/1.1" 200 782 "http://localhost/Andromeda/"; "Mozilla/5.0 (X11; Linux >> i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 >> Safari/534.30" >> ::1 - - [21/Jul/2011:21:27:41 -0300] "GET >> /Andromeda/internal/j_**security_check HTTP/1.1" 200 433 "-" "Mozilla/5.0 >> (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) >> Chrome/12.0.742.124 >> Safari/534.30" >> ::1 - - [21/Jul/2011:21:29:46 -0300] "GET /Andromeda/internal/internal.** >> jsp >> HTTP/1.1" 200 782 "http://localhost/Andromeda/"; "Mozilla/5.0 (X11; Linux >> i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 >> Safari/534.30" >> ::1 - - [21/Jul/2011:21:29:50 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 >> "-" >> "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) >> Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:29:50 -0300] "GET /Andromeda/StyleSheet.css >> HTTP/1.1" 304 - "http://localhost/Andromeda/"; "Mozilla/5.0 (X11; Linux >> i686) >> AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30" >> ::1 - - [21/Jul/2011:21:29:53 -0300] "GET /Andromeda/internal/internal.** >> jsp >> HTTP/1.1" 200 782 "http://localhost/Andromeda/"; "Mozilla/5.0 (X11; Linux >> i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 >> Safari/534.30" >> ------------------------------**------------------------ >> >> Thank you, very much. >> -- >> [Adrián Córdoba] >> >> >> >> 2011/7/21 André Warnier <a...@ice-sa.com> >> >> Christopher Schultz wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Adrián, >>>> >>>> On 7/21/2011 3:28 PM, Adrián Córdoba wrote: >>>> >>>> Thank you, André. I know this "Warning", but I want to serve static >>>>> content with Apache web server and dynamic content with Tomcat. >>>>> >>>>> You can still do that without setting the DocumentRoot to your >>>> appbase. >>>> >>>> Try this: >>>> >>>> GET >>>> http://localhost/Andromeda/****META-INF/context.xml<http://localhost/Andromeda/**META-INF/context.xml> >>>> <http://**localhost/Andromeda/META-INF/**context.xml<http://localhost/Andromeda/META-INF/context.xml> >>>> > >>>> >>>> >>>> (or maybe GET http://localhost/Andromeda/**** >>>> WebContent/META-INF/context.**<http://localhost/Andromeda/**WebContent/META-INF/context.**> >>>> xml >>>> <http://localhost/Andromeda/**WebContent/META-INF/context.**xml<http://localhost/Andromeda/WebContent/META-INF/context.xml> >>>> > >>>> >>>> - - it's really hard to understand what your appbase really is). >>>> >>>> If you have a container-managed db connection pool, you are more than >>>> likely to have your database username and password in that file, which >>>> is now publicly accessible via HTTP. Pwned. >>>> >>>> (The web application contains only links to other pages in the same >>>> >>>>> application. It is a test application to learn.) >>>>> >>>>> You should learn to do things properly. I'm not trying to be nasty, >>>> but >>>> you should try to get in the habit of doing things securely even when >>>> they are toys. That way you won't forget to do it when it really >>>> matters. >>>> >>>> +1 >>> In addition, the way you have things set up, it is really difficult to >>> help, because we cannot be sure of which server is serving what. >>> >>> >>> >>> In those conditions, with those settings, if an user enters >>>> >>>>> http://localhost/Andromeda, he gets the "*index.jsp*" page in the >>>>> WebContent directory. >>>>> >>>>> That's surprising, given your configuration. >>>> >>>> So, I think Tomcat is serving that content. >>>> Yes, if the tags are being evaluated and you're not just getting the >>>> source code. >>>> >>>> Do you think Apache is serving "index.jsp" file content? >>>> Can't tell, you didn't show us any of that. >>>> >>>> +1 >>> In addition again, it may be serving /that/ file, but what about any >>> links >>> maybe *contained* in that file. Perhaps there are none, but perhaps also >>> there is a link inside (to an image, or an iframe e.g.) which ends up >>> being >>> served by Apache, and which is the reason for the blank page. >>> >>> The main point again : it is *possible* to configure things the way you >>> have done, and to nevertheless avoid security holes and other issues. >>> But >>> it is *hard*, and any mistake can compromise your server, or lead to >>> errors >>> difficult to debug. >>> (For example, you also allow Symlinks, which may confuse things yet a bit >>> more). >>> >>> You should give Apache a different DocumentRoot, not your Tomcat webapps >>> directory. >>> (And maybe put some single html page in it, which should never be appear, >>> and if it does you will know something is wrong). >>> >>> Then you should use both >>> JkMount /Andromeda worker1 >>> JkMount /Andromeda/* worker1 >>> (because they do not overlap) >>> >>> Then, later, if you want Apache to be serving something directly instead >>> of >>> forwarding it to Tomcat, you should look up the JkUnMount directive, and >>> do >>> it selectively. >>> Or use something like >>> SetEnvIf Request_URI "\.jpg$" no-jk >>> >>> Or you could look at an alternative way to specify what needs to be >>> forwarded, which I personally find more flexible and more Apache-like >>> than >>> JkMount/unMount : >>> See here : >>> http://tomcat.apache.org/****connectors-doc/reference/**<http://tomcat.apache.org/**connectors-doc/reference/**> >>> apache.html<http://tomcat.**apache.org/connectors-doc/** >>> reference/apache.html<http://tomcat.apache.org/connectors-doc/reference/apache.html> >>> > >>> >>> The section "Using SetHandler and Environment Variables" >>> >>> Now, if you really want to know what is serving what (and learn other >>> interesting things besides about HTTP) install a browser plugin like >>> HttpFox >>> (for Firefox) or Fiddler2 (for IE). These plugins allow you to see the >>> contents of each packet sent by the browser to the server, and from the >>> server to the browser, including the HTTP headers and all. >>> >>> The mod_jk logging is also a tool, but it will only show the traffic >>> between Apache and Tomcat, not what Apache serves directly. >>> >>> >>> ------------------------------****----------------------------** >>> --**--------- >>> To unsubscribe, e-mail: >>> users-unsubscribe@tomcat.**apa**che.org<http://apache.org> >>> <users-unsubscribe@**tomcat.apache.org<users-unsubscr...@tomcat.apache.org> >>> > >>> >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > >
