Adrián Córdoba wrote:
André:
1- So how come the requests are made to the host "localhost" ?
  I think this is so, because <VirtualHost *:80>.
2- Is this the one and only VirtualHost in Apache ?
  This is the only virtual host.

How do you enter a URL in the browser, to access this ?
(paste an example)



Best regards
--
[Adrián Córdoba]



2011/7/22 André Warnier <a...@ice-sa.com>

Adrián Córdoba wrote:

Well...
1- I delete the "Directory" section from httpd.conf file.
2- I add "JkMount  /Andromeda worker1" to the virtual host.
3- I add dynamic content to index.jsp page
So I proved the content is served by Tomcat. But I have the same problem:
I cannot view the content of protected section of my web application through
Apache web server.

If I access directly to Tomcat (skipping httpd), I can see the protected
content.


Ok, so what does that tell us ?
- that the webapp in Tomcat seems to work as it should
- that at least some requests going through Apache are being forwarded to
Tomcat
- but obviously, that at least one response page is different, at the
browser level, when it is coming back (or not) through Apache, than when it
is coming back directly from Tomcat

So we must find out what the difference is.
And the easiest way to find that out - at least at the first level - is a
plugin added to the browser, which would show the real content of that
response which appears as a blank page.
Do it.

Incidentally, the logfile below does not show any error.
But it shows only the requests made to Apache httpd.
It would not, for example, show us if the browser, for whatever reason,
decided to send a request to www.google.com, and got a blank page in
response.
But the browser plugin would show you that.


Now wait a minute..
The logfile below shows requests made to "localhost".
But if I remember correctly, this was a VirtualHost, with "ASIA" as
ServerName.
So how come the requests are made to the host "localhost" ?
Is this the one and only VirtualHost in Apache ?

 Access log in httpd is:
------------------------------------------------------
::1 - - [21/Jul/2011:21:27:18 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:27:21 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:27:21 -0300] "GET /Andromeda/StyleSheet.css HTTP/1.1" 304 - "http://localhost/Andromeda/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:27:22 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:27:22 -0300] "GET /Andromeda/StyleSheet.css HTTP/1.1" 304 - "http://localhost/Andromeda/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:27:24 -0300] "GET /Andromeda/internal/internal.jsp HTTP/1.1" 200 782 "http://localhost/Andromeda/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:27:41 -0300] "GET /Andromeda/internal/j_security_check HTTP/1.1" 200 433 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:29:46 -0300] "GET /Andromeda/internal/internal.jsp HTTP/1.1" 200 782 "http://localhost/Andromeda/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:29:50 -0300] "GET /Andromeda/ HTTP/1.1" 200 669 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:29:50 -0300] "GET /Andromeda/StyleSheet.css HTTP/1.1" 304 - "http://localhost/Andromeda/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
::1 - - [21/Jul/2011:21:29:53 -0300] "GET /Andromeda/internal/internal.jsp HTTP/1.1" 200 782 "http://localhost/Andromeda/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"
------------------------------------------------------

Thank you, very much.
--
[Adrián Córdoba]



2011/7/21 André Warnier <a...@ice-sa.com>

 Christopher Schultz wrote:
Adrián,

On 7/21/2011 3:28 PM, Adrián Córdoba wrote:

 Thank you, André. I know this "Warning", but I want to serve static
content with Apache web server and dynamic content with Tomcat.

 You can still do that without setting the DocumentRoot to your
appbase.

Try this:

GET http://localhost/Andromeda/META-INF/context.xml

(or maybe GET http://localhost/Andromeda/WebContent/META-INF/context.xml
- it's really hard to understand what your appbase really is).

If you have a container-managed db connection pool, you are more than
likely to have your database username and password in that file, which
is now publicly accessible via HTTP. Pwned.

 (The web application contains only links to other pages in the same
application. It is a test application to learn.)

 You should learn to do things properly. I'm not trying to be nasty, but
you should try to get in the habit of doing things securely even when
they are toys. That way you won't forget to do it when it really
matters.

 +1
In addition, the way you have things set up, it is really difficult to
help, because we cannot be sure of which server is serving what.



  In those conditions, with those settings, if an user enters
http://localhost/Andromeda, he gets the "*index.jsp*" page in the
WebContent directory.

 That's surprising, given your configuration.
 So, I think Tomcat is serving that content.
Yes, if the tags are being evaluated and you're not just getting the
source code.

 Do you think Apache is serving "index.jsp" file content?
Can't tell, you didn't show us any of that.

 +1
In addition again, it may be serving /that/ file, but what about any links
maybe *contained* in that file.  Perhaps there are none, but perhaps also
there is a link inside (to an image, or an iframe e.g.) which ends up being
served by Apache, and which is the reason for the blank page.

The main point again : it is *possible* to configure things the way you
have done, and to nevertheless avoid security holes and other issues. But
it is *hard*, and any mistake can compromise your server, or lead to errors
difficult to debug.
(For example, you also allow Symlinks, which may confuse things yet a bit
more).

You should give Apache a different DocumentRoot, not your Tomcat webapps
directory.
(And maybe put some single html page in it, which should never appear,
and if it does you will know something is wrong).

Then you should use both
JkMount /Andromeda worker1
JkMount /Andromeda/* worker1
(because they do not overlap)

Then, later, if you want Apache to be serving something directly instead of
forwarding it to Tomcat, you should look up the JkUnMount directive, and do
it selectively.
Or use something like
SetEnvIf Request_URI "\.jpg$" no-jk

Or you could look at an alternative way to specify what needs to be
forwarded, which I personally find more flexible and more Apache-like than
JkMount/unMount :
See here : http://tomcat.apache.org/connectors-doc/reference/apache.html
The section "Using SetHandler and Environment Variables"

Now, if you really want to know what is serving what (and learn other
interesting things besides about HTTP) install a browser plugin like HttpFox
(for Firefox) or Fiddler2 (for IE).  These plugins allow you to see the
contents of each packet sent by the browser to the server, and from the
server to the browser, including the HTTP headers and all.

The mod_jk logging is also a tool, but it will only show the traffic
between Apache and Tomcat, not what Apache serves directly.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
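
The DocumentRoot and JkMount advice in this thread, worked through as an added example (not code from any of the posters or from mod_jk): a deliberately simplified model of JkMount/JkUnMount matching that shows which URIs httpd would answer itself. The file listings and the `forwarded`, `who_serves` and `exposed` helpers are constructed for illustration.

```python
from fnmatch import fnmatchcase

SENSITIVE = ("META-INF", "WEB-INF")  # directories Tomcat itself refuses to serve

def forwarded(uri, mounts, unmounts=()):
    """Simplified JkMount/JkUnMount model (an assumption, not mod_jk's code):
    forwarded if a mount pattern matches and no unmount pattern does."""
    return (any(fnmatchcase(uri, p) for p in mounts)
            and not any(fnmatchcase(uri, p) for p in unmounts))

def who_serves(uri, docroot_files, mounts, unmounts=()):
    """Return 'tomcat', 'httpd' (a file exists under DocumentRoot) or 'none'."""
    if forwarded(uri, mounts, unmounts):
        return "tomcat"
    return "httpd" if uri in docroot_files else "none"

def exposed(docroot_files, mounts, unmounts=()):
    """URIs under META-INF/WEB-INF that httpd would hand out directly."""
    return sorted(u for u in docroot_files
                  if set(u.split("/")) & set(SENSITIVE)
                  and who_serves(u, docroot_files, mounts, unmounts) == "httpd")

# Constructed listings: each file is written as the URI it maps to.
WEBAPP_FILES = {
    "/Andromeda/index.jsp",
    "/Andromeda/StyleSheet.css",
    "/Andromeda/internal/internal.jsp",
    "/Andromeda/META-INF/context.xml",
    "/Andromeda/WEB-INF/web.xml",
}
STATIC_ONLY = {"/index.html", "/Andromeda/StyleSheet.css"}

# Constructed risky setup: DocumentRoot on the webapp tree, a single JkMount.
RISKY = dict(docroot_files=WEBAPP_FILES, mounts=["/Andromeda"])
# Recommended setup: separate DocumentRoot, both JkMounts, selective JkUnMount.
FIXED = dict(docroot_files=STATIC_ONLY,
             mounts=["/Andromeda", "/Andromeda/*"],
             unmounts=["/Andromeda/*.css"])

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY), ("fixed", FIXED)):
        print(name, "exposed:", exposed(**cfg))
        for uri in ("/Andromeda", "/Andromeda/internal/internal.jsp",
                    "/Andromeda/StyleSheet.css"):
            print("  ", uri, "->", who_serves(uri, **cfg))
```

In the risky layout the model reports both `context.xml` and `web.xml` as served by httpd; in the recommended layout only the stylesheet is answered by httpd and everything else under `/Andromeda` goes to Tomcat.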


