|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2006
/
2006-11
/
Re: [Pound Mailing List] problem with http forward infinite loop
[
problem with http forward infinite loop / Adam ... ]
[
Re: [Pound Mailing List] ANNOUNCE: Pound - ... ]
Re: [Pound Mailing List] problem with http forward infinite loop
Adam Just <adam_just(at)yahoo.com> |
2006-11-01 05:07:58 |
[ FULL ]
|
Thank you Robert for pointing out the mistake in the configuration. You are
also correct that this mistake is not the source of the problem that I have
posted. I have checked and re-checked the configuration and cannot understand
why pound is getting a different response than a web client. I have checked
other web clients, and they all get the expected HTTP 200.
I compiled, installed, configured, and tried some other proxies to see what
the behavoir would be:
haproxy (1.2.16 - latest version) gets a single redirect (to a URL that
includes the sessionid as a parameter), the client the makes the new invocation
to the redirected url and is then satisfied with an HTTP 200.
apache (2.2.3 - latest version) with mod_proxy and mod_proxy_html directly
gets an HTTP 200 (behaves identically to the expected good case - the one I see
with a browser directly hitting the app-server).
192.168.2.100 - - [31/Oct/2006:19:54:40 -0800] "GET / HTTP/1.1" 200 5321
192.168.2.100 - - [31/Oct/2006:19:55:53 -0800] "GET /company/about.do HTTP/1.1"
200 5107
BTW - a "forward" (which may be a Java Server only term?) is a configuration
of a ServletContainer or Application Server to return content other than the
URI that was otherwise requested - without sending back a redirect and having
the client re-initiate the request. Typically after a "forward" the content
returned does not match the URL in the browser - which will not change as a
result of the lack of notification back to the client.
Can you think of any other reason why pound is exhibiting the behavior I
described in my original post? (It may indeed be a misconfiguration of my
application - I just have no idea what it would be and I am unable to reproduce
this behavior with other clients / proxies)?
Thank you very much.
Adam
<<
You obviously have a bug in your application: without Pound the server
answers with a 200 (no "forward", whatever that may be, and no
redirect). With Pound you get a 302 (redirect), which Pound rewrites to
the correct address, as shown by your headers.
I suggest you check carefully on your application to see exactly why it
reacts differently to a request coming from Pound and one that comes
from a browser.[...][...]
|
|
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Robert Segall <roseg(at)apsis.ch> |
2006-11-01 18:18:09 |
[ FULL ]
|
On Tue, 2006-10-31 at 20:07 -0800, Adam Just wrote:[...]
About the best you could do is to sniff the traffic between Pound and
your back-end to see what actually happens. tcpwatch is nice, but any
other tools would do.
Post here the sniffed traffic, together with your back-end logs and
we'll take it from there.[...]
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Adam Just <adam_just(at)yahoo.com> |
2006-11-02 03:21:07 |
[ FULL ]
|
I have sniffed the traffic using tcpwatch as suggested. Attached are the
generated logs and configuration files used.
./tcpwatch.py -s -L 9090:192.168.2.201:8000 >& pound.server.txt
wget http://192.168.2.201:9090/company/about.do
>& pound.client.txt
Thank you very much!
Adam
------------------
I cannot find any additional information from the logs leading to a
solution... here is an excerpt :
Forwarding :9090 -> 192.168.2.201:8000
[00:00.000 - client 192.168.2.201:41951 forwarded to 192.168.2.201:8000]
==>GET /company/about.do HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:9090
==>Connection: Keep-Alive
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build: CVSTag=JBoss_4_0_4_CR2
dat
e=200603311500)/Tomcat-5.5
<==Set-Cookie: JSESSIONID=09AE29546BE5C85E274A8E41D6883CB0; Path=/
<==Location: http://192.168.2.201:9090/company/about.do;jsessionid=09AE29546BE5C
85E274A8E41D6883CB0
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Thu, 02 Nov 2006 02:05:38 GMT
<==Connection: keep-alive
<==
[00:00.017 - server closed]
[00:00.000 - client 192.168.2.201:41954 forwarded to 192.168.2.201:8000]
==>GET /company/about.do;jsessionid=09AE29546BE5C85E274A8E41D6883CB0
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:9090
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=09AE29546BE5C85E274A8E41D6883CB0
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build: CVSTag=JBoss_4_0_4_CR2
dat
e=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:9090/company/about.do;jsessionid=09AE29546BE5C
85E274A8E41D6883CB0
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Thu, 02 Nov 2006 02:05:38 GMT
<==Connection: keep-alive
<==
[00:00.017 - server closed]
[00:00.000 - client 192.168.2.201:41957 forwarded to 192.168.2.201:8000]
==>GET /company/about.do;jsessionid=09AE29546BE5C85E274A8E41D6883CB0
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:9090
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=09AE29546BE5C85E274A8E41D6883CB0
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
Robert Segall <roseg(at)apsis.ch> wrote:
On Tue, 2006-10-31 at 20:07 -0800, Adam Just wrote:[...]
About the best you could do is to sniff the traffic between Pound and
your back-end to see what actually happens. tcpwatch is nice, but any
other tools would do.
Post here the sniffed traffic, together with your back-end logs and
we'll take it from there.[...]
|
|
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Robert Segall <roseg(at)apsis.ch> |
2006-11-02 18:17:52 |
[ FULL ]
|
On Wed, 2006-11-01 at 18:21 -0800, Adam Just wrote:[...]
Looking at the trace about the only difference between a direct
connection and one via Pound is the Host header: in the direct
connection it contains the address of the back-end (the actual server at
192.168.2.201:8000), while when done via Pound it contains the Pound
listener address (192.168.2.201:9090 for this case). I suggest you have
a look if anything in your setup checks on that - it looks very much
like your application refuses these connections and insists on
responding with a redirect.
What I also find very disturbing is that I don't see the X-Forwarded-for
header which Pound ALWAYS adds to the request. Are you sure that what
you sent is the actual traffic between Pound and the back-end rather
than between the client and Pound?[...]
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Adam Just <adam_just(at)yahoo.com> |
2006-11-04 06:20:35 |
[ FULL ]
|
My apologies,
Here are the logs between pound and the application server, jboss.
Forwarding :9090 -> 192.168.2.201:8080
[00:00.000 - client 192.168.2.201:49495 forwarded to 192.168.2.201:8080]
[00:00.000 - server connected]
==>GET /company/about.do HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>X-Forwarded-For: 192.168.2.201
==>
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Set-Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D; Path=/
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.114 - client closed]
[00:00.000 - client 192.168.2.201:49498 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49501 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49504 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49507 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.020 - client closed]
[00:00.000 - client 192.168.2.201:49510 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.020 - client closed]
[00:00.000 - client 192.168.2.201:49513 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49516 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49519 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49522 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.020 - client closed]
[00:00.000 - client 192.168.2.201:49525 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49528 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49531 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49534 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.020 - client closed]
[00:00.000 - client 192.168.2.201:49537 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49540 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.038 - client closed]
[00:00.000 - client 192.168.2.201:49543 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.020 - client closed]
[00:00.000 - client 192.168.2.201:49546 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49549 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49552 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
[00:00.000 - client 192.168.2.201:49555 forwarded to 192.168.2.201:8080]
==>GET /company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
HTTP/1.0
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Host: 192.168.2.201:8000
==>Connection: Keep-Alive
==>Cookie: JSESSIONID=D83CF4D488409457E7A8A16E80FE394D
==>X-Forwarded-For: 192.168.2.201
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build:
CVSTag=JBoss_4_0_4_CR2 date=200603311500)/Tomcat-5.5
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=D83CF4D488409457E7A8A16E80FE394D
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 05:19:23 GMT
<==Connection: keep-alive
<==
[00:00.019 - client closed]
TCPWatch finished.
Robert Segall <roseg(at)apsis.ch> wrote:
On Tue, 2006-10-31 at 20:07 -0800, Adam Just wrote:[...]
About the best you could do is to sniff the traffic between Pound and
your back-end to see what actually happens. tcpwatch is nice, but any
other tools would do.
Post here the sniffed traffic, together with your back-end logs and
we'll take it from there.[...]
|
|
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Robert Segall <roseg(at)apsis.ch> |
2006-11-04 12:00:11 |
[ FULL ]
|
On Fri, 2006-11-03 at 21:20 -0800, Adam Just wrote:[...]
This looks good: the parameter is preserved, the Location is rewritten
correctly, everything works as expected. The only problem I see is that
your back-end replies eternally with a redirect.
As I already mentioned: check if your application verifies the Host
header (or derived variables, such as SERVER, PORT and PROTOCOL or
whatever they are called in your environment) and make sure that
requests are accepted even if this header does not match the address you
are actually listening on.
To test: use a simple telnet connection (or use curl/wget with a custom
header). Connect directly to the back-end and issue a GET request, once
with the Host header pointing to the back-end itself and once with the
Host header pointing elsewhere.[...]
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Adam Just <adam_just(at)yahoo.com> |
2006-11-05 06:42:49 |
[ FULL ]
|
2006-11-04 12:00:11 Robert Segall wrote:
<<
To test: use a simple telnet connection (or use curl/wget with a custom
header). Connect directly to the back-end and issue a GET request, once
with the Host header pointing to the back-end itself and once with the
Host header pointing elsewhere.[...]
>>
First, thank you so much for all of your help! I can't tell you how grateful
I am! I think the answer may be close at hand, thanks to you.
Following is a transcript from tcpwatch between apache 2.2.3 mod_proxy and
JBoss (the backend server). mod_proxy sends the request as http 1.1 versus
pound as 1.0. But notice that the Host is still set to a different port (not
the one the app server is listening on). The Max-forwards header can probably
be ruled out. There are also the two additional headers, X-Forwarded-Host,
X-Forwarded-Server.
------------------- mod_proxy transcript ------------------------
Forwarding :9090 -> 192.168.2.201:8080
[00:00.000 - client 192.168.2.201:60504 forwarded to 192.168.2.201:8080]
==>GET /company/about.do HTTP/1.1
==>Host: 192.168.2.201:9090
==>User-Agent: Wget/1.10.2
==>Accept: */*
==>Max-Forwards: 10
==>X-Forwarded-For: 192.168.2.201
==>X-Forwarded-Host: 192.168.2.201
==>X-Forwarded-Server: ares.acjust.com
==>Connection: Keep-Alive
==>
[00:00.000 - server connected]
<==HTTP/1.1 302 Moved Temporarily
<==Server: Apache-Coyote/1.1
<==X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build: CVSTag=JBoss_4_0_4_CR2
dat
e=200603311500)/Tomcat-5.5
<==Set-Cookie: JSESSIONID=091AC1380BEBE64F4F585B9B110F5BBD; Path=/
<==Location: http://192.168.2.201:8080/company/about.do;jsessionid=091AC1380BEBE
64F4F585B9B110F5BBD
<==Content-Type: text/html
<==Content-Length: 0
<==Date: Sat, 04 Nov 2006 21:15:13 GMT
<==
TCPWatch finished.
-------------------------------------------------------------------------------------------
The following is a transcript of a session on the client side, no sniffing,
just wget --debug directly to the backend (in this case the host header is set
and is in agreement with what the backend expects.
------------------- wget --debug http://192.168.2.201:8080/company/about.do
------------
DEBUG output created by Wget 1.10.2 on linux-gnu.
--21:33:43-- http://192.168.2.201:8080/company/about.do
=> `about.do.3'
Connecting to 192.168.2.201:8080... connected.
Created socket 3.
Releasing 0x0808d4a0 (new refcount 0).
Deleting unused 0x0808d4a0.
---request begin---
GET /company/about.do HTTP/1.0
User-Agent: Wget/1.10.2
Accept: */*
Host: 192.168.2.201:8080
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build: CVSTag=JBoss_4_0_4_CR2
date=2
00603311500)/Tomcat-5.5
Set-Cookie: JSESSIONID=712895E3E6D340A84DE30EA290140AC2; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 05 Nov 2006 05:33:43 GMT
Connection: close
---response end---
200 OK
Stored cookie 192.168.2.201 8080 / <session> <insecure> [expiry
none] JSESSIONID
712895E3E6D340A84DE30EA290140AC2
Length: unspecified [text/html]
0K ...... 1.96 MB/s
Closed fd 3
21:33:43 (1.96 MB/s) - `about.do.3' saved [6603]
----------------------------------------------------------------------------------------------------------------------
Now setting the Host header to a location that doesn't exist:
wget --debug --header 'Host: 192.168.2.201:6060'
192.168.2.201:8080/company/about.do >& wget-host-header-reset.txt
Now it loops endlessly - wget cuts it off after 20 redirects, as in the case
with pound. Help me understand, - I am confused. mod_proxy has this header
also set differently then the actual backend - but it does not cause this same
scenario...?
PS - I excerpted only the beginning of the transaction - there are twenty
plus request - response members in the cycle.
----------------------------------------------------------------------------------------------------------------------
Setting --header (header) to Host: 192.168.2.201:6060
DEBUG output created by Wget 1.10.2 on linux-gnu.
--21:39:51-- http://192.168.2.201:8080/company/about.do
=> `about.do.4'
Connecting to 192.168.2.201:8080... connected.
Created socket 3.
Releasing 0x0808d4d0 (new refcount 0).
Deleting unused 0x0808d4d0.
---request begin---
GET /company/about.do HTTP/1.0
User-Agent: Wget/1.10.2
Accept: */*
Host: 192.168.2.201:6060
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build: CVSTag=JBoss_4_0_4_CR2
date=2
00603311500)/Tomcat-5.5
Set-Cookie: JSESSIONID=4097CADE0BF0858299BD46142CB5F355; Path=/
Location: http://192.168.2.201:8080/company/about.do;jsessionid=4097CADE0BF08582
99BD46142CB5F355
Content-Type: text/html
Content-Length: 0
Date: Sun, 05 Nov 2006 05:39:51 GMT
Connection: keep-alive
---response end---
302 Moved Temporarily
Registered socket 3 for persistent reuse.
Stored cookie 192.168.2.201 8080 / <session> <insecure> [expiry
none] JSESSIONID
4097CADE0BF0858299BD46142CB5F355
Location: http://192.168.2.201:8080/company/about.do;jsessionid=4097CADE0BF08582
99BD46142CB5F355 [following]
Skipping 0 bytes of body: [] done.
--21:39:51-- http://192.168.2.201:8080/company/about.do;jsessionid=4097CADE0BF0
858299BD46142CB5F355
=> `about.do.4'
Reusing existing connection to 192.168.2.201:8080.
Reusing fd 3.
---request begin---
GET /company/about.do;jsessionid=4097CADE0BF0858299BD46142CB5F355 HTTP/1.0
User-Agent: Wget/1.10.2
Accept: */*
Host: 192.168.2.201:6060
Connection: Keep-Alive
Cookie: JSESSIONID=4097CADE0BF0858299BD46142CB5F355
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.CR2 (build: CVSTag=JBoss_4_0_4_CR2
date=2
00603311500)/Tomcat-5.5
Location: http://192.168.2.201:8080/company/about.do;jsessionid=4097CADE0BF08582
99BD46142CB5F355
Content-Type: text/html
Content-Length: 0
Date: Sun, 05 Nov 2006 05:39:51 GMT
Connection: keep-alive
---response end---
302 Moved Temporarily
Location: http://192.168.2.201:8080/company/about.do;jsessionid=4097CADE0BF08582
99BD46142CB5F355 [following]
Skipping 0 bytes of body: [] done.
--21:39:51-- http://192.168.2.201:8080/company/about.do;jsessionid=4097CADE0BF0
858299BD46142CB5F355
=> `about.do.4'
|
|
|
|
|
Re: [Pound Mailing List] problem with http forward infinite loop
Robert Segall <roseg(at)apsis.ch> |
2006-11-06 17:37:22 |
[ FULL ]
|
On Sat, 2006-11-04 at 21:42 -0800, Adam Just wrote:[...]
This is identical to the Pound case - and quite irrelevant. What is
really important is the NEXT request: does it go to Apache or directly
to the back-end? What Host does it show?
[...]
So again, you have a problem with redirects. For the last time: check
your application and find what causes the redirect in the first place.[...]
|
|
|
|
