apache 2.4 AJP proxy not working - apache

I am trying to configure my Apache 2.4 to connect to my backend Tomcat 8.0.28 on my Mac OS X El Capitan.
I used a name-based VirtualHost with AJP support. The config file apache_serviceproxy.conf is located in /Library/Server/Web/Config/Proxy:
<VirtualHost 10.0.1.100:80>
ProxyPreserveHost On
ServerName www.storageway.com.au
ServerAlias storageway.com.au
ServerAdmin cidy.long#gmail.com
ProxyPass / ajp://127.0.0.1:8009/StorageWayServer/
ProxyPassReverse / ajp://127.0.0.1:8009/StorageWayServer/
</VirtualHost>
The Tomcat app context is http://localhost:8080/StorageWayServer. Accessing Tomcat from the LAN, everything works fine. But when I tried to request over the Internet, Apache 2.4 calling Tomcat through AJP does not work well.
Tomcat received the HTML request () from Apache AJP properly, but from then on, every included CSS, JavaScript and image in the HTML has a wrong request URL; it simply doubles the application context name.
This is my Tomcat access log:
148.251.45.185 - - [31/Oct/2015:14:26:07 +1100] "GET /StorageWayServer/ HTTP/1.1" 200 19098
148.251.45.185 - - [31/Oct/2015:14:26:07 +1100] "GET /StorageWayServer/StorageWayServer/dojo-release-1.10.4/dojo/resources/dojo.css HTTP/1.1" 404 1173
148.251.45.185 - - [31/Oct/2015:14:26:08 +1100] "GET /StorageWayServer/StorageWayServer/css/style.css HTTP/1.1" 404 1113
148.251.45.185 - - [31/Oct/2015:14:26:08 +1100] "GET /StorageWayServer/StorageWayServer/dojo-release-1.10.4/dijit/themes/claro/claro.css HTTP/1.1" 404 1183
148.251.45.185 - - [31/Oct/2015:14:26:09 +1100] "GET /StorageWayServer/StorageWayServer/css/dashboard.css HTTP/1.1" 404 1121
148.251.45.185 - - [31/Oct/2015:14:26:09 +1100] "GET /StorageWayServer/StorageWayServer/css/storageway_homeabout.css HTTP/1.1" 404 1143
148.251.45.185 - - [31/Oct/2015:14:26:09 +1100] "GET /StorageWayServer/StorageWayServer/dojo-release-1.10.4/dojo/dojo.js HTTP/1.1" 404 1151
148.251.45.185 - - [31/Oct/2015:14:26:10 +1100] "GET /StorageWayServer/StorageWayServer/images/storageway_logo.png HTTP/1.1" 404 1139
148.251.45.185 - - [31/Oct/2015:14:26:10 +1100] "GET /StorageWayServer/StorageWayServer/images/icons/publish.png HTTP/1.1" 404 1135
148.251.45.185 - - [31/Oct/2015:14:26:10 +1100] "GET /StorageWayServer/StorageWayServer/images/icons/search_engine.png HTTP/1.1" 404 1147
148.251.45.185 - - [31/Oct/2015:14:26:10 +1100] "GET /StorageWayServer/StorageWayServer/images/icons/search33.png HTTP/1.1" 404 1137
148.251.45.185 - - [31/Oct/2015:14:26:10 +1100] "GET /StorageWayServer/StorageWayServer/images/button_hover.gif HTTP/1.1" 404 1133
148.251.45.185 - - [31/Oct/2015:14:26:11 +1100] "GET /StorageWayServer/StorageWayServer/images/button_span_hover.gif HTTP/1.1" 404 1143
If I request it from the LAN by accessing Tomcat directly, it works fine; the log is:
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/images/icons/publish.png HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/images/icons/search_engine.png HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/images/icons/search33.png HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/dojo-release-1.10.4/dijit/dijit.js HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/images/button_span_hover.gif HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/images/button_hover.gif HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/dojo-release-1.10.4/dijit/themes/claro/images/spriteArrows.png HTTP/1.1" 304 -
10.0.1.222 - - [31/Oct/2015:14:58:53 +1100] "GET /StorageWayServer/dojo-release-1.10.4/dijit/themes/claro/form/images/buttonArrows.png HTTP/1.1" 304 -
I tried to find some help from Google and tried using
RedirectMatch /StorageWayServer http://www.storageway.com.au/
but I could never take the extra application context off the request URL.
Any advice or experience welcome.
Have a good weekend!

Don't change the context path in the ProxyPass directive. There are many, many ways to shoot yourself in the foot when you do this.
At a guess, the links on your pages are absolute so they include the context path. When the client then requests these, the ProxyPass directive adds the context path again.
You have three choices:
1. Redeploy your application as the ROOT web app and use
   ProxyPass / ajp://127.0.0.1:8009/
2. Access your application with the context path and use
   ProxyPass /StorageWayServer/ ajp://127.0.0.1:8009/StorageWayServer/
3. Spend days / weeks trying to configure mod_sed or similar to edit the responses on the fly to correct the links.
I've seen large organisations spend huge amounts of time and money on option 3 and I really do not recommend it.
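The prefix swap described in the answer, as an added example (not code from the original posts): a simplified model of ProxyPass path mapping, not mod_proxy itself. The function names and the sample links are assumptions made for illustration; the links are constructed to match the answer's guess that the pages use absolute URLs.

```python
# Added example: a simplified model of ProxyPass prefix mapping (not mod_proxy itself).
CONTEXT = "/StorageWayServer/"  # Tomcat context path from the question

# Constructed sample: absolute links, as the answer guesses the pages emit them.
PAGE_LINKS = [
    "/StorageWayServer/css/style.css",
    "/StorageWayServer/images/storageway_logo.png",
]

def map_path(local_prefix, backend_prefix, request_path):
    """Return the path sent to Tomcat, or None if the rule does not match."""
    if not request_path.startswith(local_prefix):
        return None
    return backend_prefix + request_path[len(local_prefix):]

def has_doubled_context(backend_path, context=CONTEXT):
    """True when the context path appears twice in a row, as in the 404 log lines."""
    doubled = context + context.lstrip("/")
    return backend_path is not None and backend_path.startswith(doubled)

def check_rule(local_prefix, backend_prefix, links=PAGE_LINKS):
    """Map every link through one ProxyPass rule and report doubled contexts."""
    results = []
    for link in links:
        mapped = map_path(local_prefix, backend_prefix, link)
        results.append((link, mapped, has_doubled_context(mapped)))
    return results

if __name__ == "__main__":
    rules = {
        "question: ProxyPass / -> /StorageWayServer/": ("/", CONTEXT),
        "option 2: ProxyPass /StorageWayServer/ -> /StorageWayServer/": (CONTEXT, CONTEXT),
    }
    for label, (local, backend) in rules.items():
        print(label)
        for link, mapped, doubled in check_rule(local, backend):
            print(f"  {link} -> {mapped}  doubled={doubled}")
```

With the option 2 rule a request for `/` is not matched at all, which is why that choice means accessing the application with its context path.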

Related

HTTP CONNECT requests in Apache web server log

I have an Apache webserver which serves the domain www.mypersonaldomain.com and I found these entries (and more like these) in access log.
88.218.227.227 - - [28/May/2021:08:56:29 +0000] "CONNECT minecraft.moin.games.:30003 HTTP/1.1" 302 213
88.218.227.227 - - [28/May/2021:08:57:03 +0000] "CONNECT minecraft.moin.games.:30003 HTTP/1.1" 302 213
88.218.227.227 - - [28/May/2021:08:58:19 +0000] "CONNECT minecraft.moin.games.:30003 HTTP/1.1" 302 213
34.91.147.149 - - [28/May/2021:10:34:44 +0000] "CONNECT play.destanmc.com:25565 HTTP/1.1" 302 210
34.91.147.149 - - [28/May/2021:10:35:08 +0000] "CONNECT play.destanmc.com:25565 HTTP/1.1" 302 210
34.91.147.149 - - [28/May/2021:10:35:16 +0000] "CONNECT play.destanmc.com:25565 HTTP/1.1" 302 210
34.91.147.149 - - [28/May/2021:10:35:46 +0000] "CONNECT play.destanmc.com:25565 HTTP/1.1" 302 210
194.93.56.130 - - [28/May/2021:16:40:12 +0000] "CONNECT 45.131.0.108:25565 HTTP/1.1" 404 13899
194.93.56.130 - - [28/May/2021:16:40:32 +0000] "CONNECT 45.131.108.30:25565 HTTP/1.1" 404 13920
194.163.135.185 - - [28/May/2021:17:52:52 +0000] "CONNECT play.arkflame.com:25566 HTTP/1.1\n" 400 226
194.163.135.185 - - [28/May/2021:17:52:52 +0000] "CONNECT play.arkflame.com:25566 HTTP/1.1\n" 400 226
212.47.244.68 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
212.47.244.68 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
212.47.244.68 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
212.47.244.68 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
212.47.244.68 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
212.47.244.68 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
The server is built on an AWS Lightsail instance using a Bitnami WordPress stack where the recommended, and the default, configuration is to configure Apache to serve static files (images, CSS, JavaScript and more) and use PHP_FPM with Apache’s mod_proxy module to handle PHP requests.
Do those log entries about the requests with a 302 response mean that my server is used as an open proxy?
Why would someone ask my server to CONNECT that way to my domain?
Is there something I can do in order to block redirections and secure my server without disabling mod_proxy?
How could I send CONNECT requests by myself for testing?
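One way to triage entries like these, as an added example that is not part of the original question: a 2xx status on a CONNECT is what an established tunnel looks like, so the script groups CONNECT attempts by target and status and lists any 2xx separately. The log lines are constructed (documentation-range addresses, made-up hosts) and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Apache "common" log format, modelled on the question's entries.
SAMPLE_LOG = """\
203.0.113.7 - - [28/May/2021:08:56:29 +0000] "CONNECT mc.example.net:30003 HTTP/1.1" 302 213
203.0.113.7 - - [28/May/2021:08:57:03 +0000] "CONNECT mc.example.net:30003 HTTP/1.1" 302 213
198.51.100.9 - - [28/May/2021:16:40:12 +0000] "CONNECT 192.0.2.50:25565 HTTP/1.1" 404 13899
198.51.100.9 - - [28/May/2021:17:52:52 +0000] "CONNECT play.example.org:25566 HTTP/1.1\\n" 400 226
192.0.2.77 - - [28/May/2021:20:14:24 +0000] "CONNECT www.mypersonaldomain.com:443 HTTP/1.1" 302 212
192.0.2.77 - - [28/May/2021:20:15:00 +0000] "GET /index.php HTTP/1.1" 200 5120
"""

# client, target host, target port, response status of a CONNECT request line
CONNECT_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "CONNECT (\S+):(\d+) [^"]*" (\d{3})\b'
)

def triage_connect(log_text, own_hosts):
    """Count CONNECT attempts per (host, port, status, external) and list 2xx tunnels."""
    attempts = defaultdict(int)
    tunnels = []
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if not m:
            continue  # not a CONNECT request
        client = m.group(1)
        host = m.group(2).rstrip(".").lower()  # drop a trailing root dot
        port, status = int(m.group(3)), int(m.group(4))
        external = host not in own_hosts
        attempts[(host, port, status, external)] += 1
        if 200 <= status < 300:
            # The server answered success: a tunnel to the target was opened.
            tunnels.append((client, host, port))
    return dict(attempts), tunnels

if __name__ == "__main__":
    attempts, tunnels = triage_connect(SAMPLE_LOG, {"www.mypersonaldomain.com"})
    for (host, port, status, external), count in sorted(attempts.items()):
        kind = "third-party" if external else "own host"
        print(f"{count:3d}  {status}  {host}:{port}  ({kind})")
    print("established tunnels:", tunnels or "none")
```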

Special characters in method name in request header

I am facing one weird issue on my web server. In my web server access log I found some request headers having method names with special characters in them.
Following is a snap from my logs:
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "GET /" 200 44
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "G\xddET /XYZ/entityIndex.jsp HTTP/1.1" 200 6138
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "\x9fG\xfaET /XYZ/css/bootstrap.min.css HTTP/1.1" 501 1124
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "G#ET /XYZ/css/XYZstyles.css HTTP/1.1" 501 1118
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "G\xd9ET /XYZ/img/logo-mom.png HTTP/1.1" 501 1120
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "G\xefET /XYZ/jquery/api/jquery-2.1.1.min.js HTTP/1.1" 501 1120
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "G\x0fET /XYZ/jquery/api/jquery-migrate-1.2.1.js HTTP/1.1" 501 1118
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:14 +0400] "G\x92ET /XYZ/js/XYZcommon.js HTTP/1.1" 501 1120
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:16 +0400] "POST /XYZ/doXYZLogin.action HTTP/1.1" 302 -
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:17 +0400] "GET /" 200 44
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:17 +0400] "GET /XYZ/XYZIndexPage HTTP/1.1" 200 5772
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:19 +0400] "GET /" 200 44
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:21 +0400] "G\xc8ET /XYZ/jquery/validation/jquery.validate.js HTTP/1.1" 501 1120
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:21 +0400] "G\xd1ET /XYZ/img/XYZ-currency.png HTTP/1.1" 501 1120
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:21 +0400] "G\x1bET /XYZ/js/bootstrap.min.js HTTP/1.1" 501 1118
xxx.xxx.xxx.xxx - - [14/Jul/2016:10:05:22 +0400] "GET /" 200 44
You can see some of the requests have an invalid GET method (e.g. G\xddET). Any idea what is causing this?
It was caused by the CipherSuite selected by the web server to communicate with the browser. With the following change in configuration the issue is resolved now:
SSLHonorCipherOrder On
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!AES128-SHA

SVN merge with HTTPS slow on FreeBSD

I set up SVN and Apache, and when I do a checkout it executes normally, but whenever I try to run svn merge, for some reason it just hangs.
Here is the output from my Apache access logs:
==> httpd-access.log <==
[IP_ADDRESS] - - [30/Mar/2015:10:46:47 -0400] "OPTIONS [BRANCH_PATH] HTTP/1.1" 401 381
[IP_ADDRESS] - [AUTH_USER] [30/Mar/2015:10:46:47 -0400] "OPTIONS [BRANCH_PATH] HTTP/1.1" 200 179
[IP_ADDRESS] - [AUTH_USER] [30/Mar/2015:10:46:47 -0400] "OPTIONS [BRANCH_PATH] HTTP/1.1" 200 179
[IP_ADDRESS] - [AUTH_USER] [30/Mar/2015:10:46:47 -0400] "REPORT /!svn/rvr/[REV_ID]/[BRANCH_PATH] HTTP/1.1" 200 381
[IP_ADDRESS] - - [30/Mar/2015:10:46:49 -0400] "OPTIONS [TRUNK_PATH] HTTP/1.1" 401 381
[IP_ADDRESS] - [AUTH_USER] [30/Mar/2015:10:46:49 -0400] "OPTIONS [TRUNK_PATH] HTTP/1.1" 200 179
I do have a similar setup (SVN + Apache) on another Debian Linux server, and everything works well on that end.
Let me know if you need any more information.

sencha touch 2 app not displaying in android browser completely

I have a completely working Sencha Touch2 example app running on my python single threaded server (django like runserver) on my laptop. It uses jsonp to load images for carousel similar to example here http://edspencer.net/2012/02/building-a-data-driven-image-carousel-with-sencha-touch-2.html
It works on my Chrome and partially on firefox.
I followed the guide to make the production build from docs in Sencha Touch 2. All good here too on Chrome. Here are the requests I see.
127.0.0.1 - - [03/Jul/2012 00:21:15] "GET /static/build/production/cache.manifest HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/app.json?1341246076009 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/src/log/Logger.js?_dc=1341246076006 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/deltas/app.js/812d759b7c7a366ab0976c13044b2cd38f3444dc.json?1341246076040 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/src/log/Base.js?_dc=1341246076130 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/src/log/writer/Console.js?_dc=1341246076307 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/src/log/writer/Writer.js?_dc=1341246076347 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/src/log/formatter/Formatter.js?_dc=1341246076386 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /static/build/production/src/log/formatter/Default.js?_dc=1341246076449 HTTP/1.1" 200 -
127.0.0.1 - - [03/Jul/2012 00:21:16] "GET /w00t/?_dc=1341246076539&page=1&start=0&limit=25&callback=Ext.data.JsonP.callback1 HTTP/1.1" 200 -
Now I head over to my Android Samsung Galaxy Tab 10.1 (Android 3.x) on wifi to access the Sencha app via the LAN IP (I tried Android phones too).
Here I see my loading indicator and then blam... black blank screen.
I see the requests are incomplete. Here are the requests:
192.168.0.109 - - [03/Jul/2012 00:24:24] "GET /static/build/production/index.html HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:24] "GET /static/build/production/cache.manifest HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:24] "GET /static/build/production/app.json?1341246263383 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:24] "GET /favicon.ico HTTP/1.1" 404 -
192.168.0.109 - - [03/Jul/2012 00:24:24] "GET /static/build/production/resources/css/app.css?1341246263429 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:24] "GET /static/build/production/sdk/sencha-touch.js?1341246263432 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:25] "GET /static/build/production/app.js?1341246263436 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:26] "GET /static/build/production/src/log/Logger.js?_dc=1341246265378 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:26] "GET /static/build/production/app.json?1341246265382 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:27] "GET /static/build/production/src/log/Base.js?_dc=1341246265428 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:27] "GET /static/build/production/src/log/writer/Console.js?_dc=1341246265780 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:27] "GET /static/build/production/src/log/writer/Writer.js?_dc=1341246265830 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:27] "GET /static/build/production/src/log/formatter/Formatter.js?_dc=1341246265870 HTTP/1.1" 200 -
192.168.0.109 - - [03/Jul/2012 00:24:27] "GET /static/build/production/src/log/formatter/Default.js?_dc=1341246265912 HTTP/1.1" 200 -
It always gets stuck at Default.js.
I am no JS ninja and am evaluating Sencha Touch 2 for a touch-friendly version of my site.
It's sad I cannot try my nifty touch swipe carousel :( I have to mouse swipe on my chrome and be content of my lame achievements. Getting this to work has been my goal for past night and I would love to see it work.
P.S. The actual example does work on tab beautifully. But it could have been made in a different (older) version of ST2. I am using 2.0.2 here. I copy pasted most of the code from the example and changed a few minor things to fit my aesthetic desires.
TIA

Apache Reverse proxy with proxy authentication

I have the following setup
Box A (192.168.8.180 - running apache reverse proxy)
Box B (192.168.8.100:808 - Proxy server to connect to internet)
Due to internal reasons, the IP of box A is redirected to http://xyz.mydomain.com/. The reverse proxy uses the proxy running in Box B to connect to the internet.
The setup works fine when the proxy does not need any authentication. But when the proxy at Box B needs authentication, all my requests to the reverse proxy fail with the following error.
<h1>Unauthorized ...</h1>
<h2>IP Address: 192.168.8.180:1799<br>
MAC Address: <br>
Server Time: 2011-09-21 20:32:16<br>
Auth Result: </h2>
Here is my apache configuration
<VirtualHost *:80>
ServerName xyz.mydomain.com
ProxyRequests Off
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRemote * http://192.168.8.100:808/
ProxyPass / http://xyz.mydomain.com/
ProxyPassReverse / http://xyz.mydomain.com/
RequestHeader set Authorization "Basic cGFuZGlhbjpwYW5kaWFu"
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog "logs/myerror.log"
CustomLog "logs/myaccess.log" common
</VirtualHost>
Any ideas?
access log says the following
127.0.0.1 - - [21/Sep/2011:20:24:55 +0530] "GET / HTTP/1.1" 407 142
127.0.0.1 - - [21/Sep/2011:20:24:57 +0530] "GET / HTTP/1.1" 407 142
192.168.8.180 - - [21/Sep/2011:20:25:33 +0530] "GET / HTTP/1.1" 407 142
192.168.8.227 - - [21/Sep/2011:20:32:07 +0530] "GET / HTTP/1.1" 407 142
192.168.8.180 - - [21/Sep/2011:20:32:14 +0530] "GET / HTTP/1.1" 407 142
192.168.8.180 - - [21/Sep/2011:20:32:15 +0530] "GET / HTTP/1.1" 407 142
192.168.8.227 - - [21/Sep/2011:20:33:58 +0530] "GET / HTTP/1.1" 407 142
192.168.8.227 - - [21/Sep/2011:20:35:03 +0530] "GET / HTTP/1.1" 407 142
192.168.8.227 - - [21/Sep/2011:20:35:16 +0530] "GET / HTTP/1.1" 407 142
192.168.8.227 - - [21/Sep/2011:20:35:24 +0530] "GET / HTTP/1.1" 407 142
The proxy credentials are correct; verified with a browser.
Thanks