Hi, and thanks for the reponse Chris! Regarding httpd or not, we're in the process of moving stuff from a WebSphere 6.1 to Tomcat 7.x but since we don't have the money to move all apps at once we run both servers behind a httpd, moving one app at a time.
The pcap-files contains the traffic between httpd and tomcat. ok: https://docs.google.com/open?id=0B8cuXS6fkK2YUW5jdzJVbW95VEk fail: https://docs.google.com/open?id=0B8cuXS6fkK2YWVlyTHcwdk1TZDQ The http-headers are not particularly large (and I guess they would be rejected all of the times if they were?). Hmm, on second thought, the headers contain a rather 'large' LtpaToken2 header, don't know if it's considered too large or not though. http headers: https://docs.google.com/open?id=0B8cuXS6fkK2YUFVhXzlJbEFFT28 No ssl, the httpd is ssl-enabled for other url:s but this particular url is using plain http. The ajp connector on the tomcat side is basic: <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> The context config looks like: <Context docBase="xxx" path="/xxx" reloadable="true" allowCasualMultipartParsing="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="xxx_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> </Context> The "allowCasualMultipartParsing" was something I added for testing but I couldn't see any change in behaviour. I will try to convince the guys running the servers to deploy a new version of the app (with extended logging), guess I have to buy them a couple of beers first though... br /Svante Den 13 april 2012 22:40 skrev Christopher Schultz < ch...@christopherschultz.net>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Svante, > > On 4/13/12 5:16 AM, Svante Kumlien wrote: > > I have an Apache acting as reverse proxy for a Tomcat over ajp. > > Standard stupid question: are you sure you need Apache httpd in the mix? > > > > (Gaahhh, the stack trace is swallowed, I only have the message > > string! The exception is thrown from FileUploadBase.parseRequest > > :-( ) > > Is there any way to get the full stack trace? Can you re-deploy with > some modified code to get it? > > > I attach two pcap-files with a ok-case and a fail-case. > > The mailing list has stripped your attachments. Try to copy/paste text > into a re-post or post a link to your file(s) instead. > > > The difference I can see is that in the fail-case tomcat starts to > > send the response before the first Body chunk is sent by Apache. > > Can you sniff the traffic between httpd and Tomcat? > > Do you have large headers or anything like that? The AJP message could > be rejected because the headers don't fit into a single AJP packet -- > but that shouldn't trigger a failure in FileUploadBase. > > Is there HTTPS in the mix anywhere? Client certs can make the headers > large. > > > If we switch the proxyPass to use http everything works 100% of the > > time (which makes me think I have a misconfig AJP connector > > somewhere...). > > Can you post the rest of your AJP configuration? For instance, what > does your <Connector> look like on the Tomcat side? > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk+Ij00ACgkQ9CaO5/Lv0PCULQCgoBmlLJJkuSpcXDUxbKLc0Ptl > eusAoLlVdrUsETpscxjlCaG04dO4/12e > =UpxR > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
