DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41610>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41610 Summary: mod_jk incorrectly creates duplicate content-length:0 header Product: Tomcat 5 Version: 5.5.16 Platform: PC OS/Version: Linux Status: NEW Keywords: RFC Severity: normal Priority: P2 Component: Native:JK AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] Under specific circumstances, the mod_jk adds a content-length:0 header, even if there was already another content-length:0 header. Tomcat seems to handle it without problem. But if tomcat forwards the packet to another Apache, this second Apache sends an http 400 error (incorrect request), due to this duplicate header. We have this behavior when an empty (i.e. without any body) POST request is sent by Internet Explorer. This happens when IE tries to authenticate through NTLM with a POST request. We have the following architecture : Server 1 : - A: a web application (Jahia 5.0.1_02) running under tomcat 5.5.17 - B: an apache 2.0.40 running on the same server, with mod_jk 1.2.20 Server 2 : - C: a web application (Jahia cache server r370) running under tomcat 5.5.16 - D: an apache 2.0.40 running on the same server, with mod_jk 1.2.20 Both servers run with Linux Redhat. Tomcat A is configured to authenticate users through NTLM, with the java library jcifs 1.2.11 Tomcat C behaves (roughly) as a reverse-proxy : it sends the packets to Apache B. Apache B and D have been set up to implement optional SSL encryption. NTLM authentication is made with Active Directory 2003. If I send my requests to Apache D, I have the http 400 error with every POST request. By sniffing the packets, I discovered that this http error was sent by Apache B, and not D. If I send my requests to Tomcat C, I don't have any http 400 errors. The duplicate content-length:0 is created by Apache D, accepted by Tomcat C, but refused by Apache B. These http errors happen with or without SSL encryption. They do not happen if I disable NTLM authentication on Tomcat A, probably because no empty POST requests are sent. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
