Re: [users@httpd] help with reverse proxy
On Wed, Oct 6, 2021 at 3:18 PM Nick Kew wrote: > > > Sort of. Chromium is now working, but FF is still reporting the > > "Content Encoding" issue. > > Have you cleared FF's cache? Well Not explicitly. I did use ++R, which I was under the impression that that did a full reload and ignored cached pages. However... https://support.mozilla.org/en-US/questions/1104556 So, I went into the settings and cleared cookies and site data. Which seemed to fix the problem. Both Chromium and FF now seem to work. I wonder how long it will work before it fails. We'll find out! > Also you don't appear to need mod_xml2enc > (other pages might, but I'd guess probably not). Agreed, but... # a2dismod xml2enc ERROR: The following modules depend on xml2enc and need to be disabled first: proxy_html So, I guess I'll leave it enabled for now. > If you simply don't load it in the server you'll simplify things. > In fact it looks as if mod_xml2enc needs updating to work > correctly with HTML 5's nonsense! Ha. Thanks for all the help and expertise, Nick. I appreciate it! Stop by Duluth, MN for a beer sometime. :) Best, -m -m - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] help with reverse proxy
> On 5 Oct 2021, at 22:43, Matt Zagrabelny wrote: > > GET /polaris/ HTTP/1.1 > Accept-Encoding: gzip, deflate > HTTP/1.1 200 OK > content-encoding: gzip OK, that looks like it should be fine for the browser and server. It looks like you're dealing with compressed data. If the proxy is to rewrite links, it needs to be uncompressed for that. mod_deflate can deal with that, but it adds complexity and processing overhead, so you're probably better-off disabling compression - which is what the Unset Accept-Encoding is about. However, if compression were indeed at the root of the issue, I'd expect to see something different in the log. I have a distant recollection of a bug dealing with that, but thought it was long-fixed. > $ curl -v http://127.0.0.1:5050/ Looking at that, all is well, and you've got the document body, and you do indeed have links correctly rewritten from /foo to /polaris/foo. That's with no compression anywhere in the transaction. > Sort of. Chromium is now working, but FF is still reporting the > "Content Encoding" issue. Have you cleared FF's cache? Also you don't appear to need mod_xml2enc (other pages might, but I'd guess probably not). If you simply don't load it in the server you'll simplify things. In fact it looks as if mod_xml2enc needs updating to work correctly with HTML 5's nonsense! -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Stupid question on mod_header
ср, 6 окт. 2021 г. в 13:10, Martin Knoblauch : > > Hi, > > sorry for asking this likely stupid question. This is with Apache HTTPD > 2.4.48. > > I want to change the value of the X-Frame-Options response header from DENY > to SAMEORIGIN. The header is apparently set by Tomcat 9.0.53. > > Naively, because the mod_header documentation says "The response header is > set, replacing any previous header with this name. The value may be a format > string.", I added a single > > Header always set X-Frame-Options SAMEORIGIN > > to the VirtualHost section of the httpd configuration. To my surprise my > browser (FF and Chrome) has two headers now, one with DENY, one with > SAMEORIGIN. And falls back to DENY :-( > > When I add an unset before the set, it works > > Header unset X-Frame-Options > Header always set X-Frame-Options SAMEORIGIN > > Is my understanding of the mod_header documentation wrong, or do I miss > somethiong subtle? See my recent answer in "X-Frame-Options and security" thread. https://httpd.markmail.org/message/pwsrgbj7pjy4qiei All is in the docs, if you read carefully, but I agree that it is subtle. https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header Essentially, (as far as I am reading it), "onsuccess" and "always" are just names of two separate tables (lists) of headers that exist in parallel. it does not offer any "normalized" single list of headers Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Docker Image mit falscher httpd-Version
Hallo in die Runde, ich verwende einen Reverseproxy mittels httpd und rolle ihn über Docker aus. Das Docker Image wird standardmäßig vom Docker Hub bezogen (ich habe nichts anderes eingestellt). Docker läuft auf einer virtuellen CentOS7 Maschine: uname -a Linux Reverseproxy 3.10.0-1160.42.2.el7.x86_64 #1 SMP Tue Sep 7 14:49:57 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux In den Logs vom httpd ist mir jedoch gerade aufgefallen, dass eine alte httpd-Version angeführt wurde, was mich stutzig machte. Ein "docker ps" meldet mir Folgendes: docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e098bec72640 httpd:2.4.50 "httpd-foreground" 12 minutes ago Up 12 minutes reverseproxy Wenn ich ein "docker exec -it reverseproxy bash" und anschließend ein "httpd -v" ausführe wird mir jedoch Folgendes genannt: httpd -v Server version: Apache/2.4.46 (Unix) Server built: Mar 27 2021 10:13:27 Das sollte jedoch nicht sein. Auf der Maschine befinden sich folgende Images: docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE httpd 2.4.50 bc9d3c5a7455 13 hours ago 138MB httpd 2.4.49 5ebe6e00baf9 2 weeks ago 138MB httpd 2.4.48 39c2d1c93266 4 months ago 138MB httpd 2.4.46 4ede4372e89b 6 months ago 138MB Die SHA256 Prüfsumme zum 2.4.50 Abbild lautet: docker inspect --format='{{index .RepoDigests 0}}' bc9d3c5a7455 httpd@sha256:bd470654fd1d80e695152962aa6afd1e28ddc9a2402180d160b9577fed1621e0 bzw. docker pull sieht wie folgt aus: docker image pull httpd:2.4.50 2.4.50: Pulling from library/httpd Digest: sha256:bd470654fd1d80e695152962aa6afd1e28ddc9a2402180d160b9577fed1621e0 Status: Image is up to date for httpd:2.4.50 docker.io/library/httpd:2.4.50 Diese Prüfsumme passt jedoch zu keiner Prüfsumme vom Docker Hub. https://hub.docker.com/layers/httpd/library/httpd/2.4.50/images/sha256-a0a1605656b89fe249c6306e5646d3d3c2d50606e134d411d8e8f732527cbdbb?context=explore Wenn ich das Image lösche und neu herunterladen besteht das Problem weiterhin. Hat jemand von euch eine Ahnung wo der Hund hier begraben liegt und wie ich das Problem lösen kann? Ich danke euch! -- Mit freundlichen Grüßen Sebastian Luhnburg IT -- swp software systems GmbH & Co. KG Königsbrücker Straße 124 01099 Dresden Tel: 0351-492850 Fax: 0351-4928550 www: https://www.vi-bim.de Kennen Sie schon unsere FAQ-Wissensdatenbank? Einfach hier klicken: https://faq.vi-bim.de Unsere Datenschutzerklärung finden Sie unter https://datenschutz.vi-bim.de Registergericht: Amtsgericht Dresden HRA 3008 persönlich haftender Gesellschafter: swp Beteiligungs GmbH Registergericht: Amtsgericht Dresden HRB 15 20 9 Geschäftsführer: Holger Schönemann, Stefan Urlberger OpenPGP_0x1E7D455B730DAD17.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: [users@httpd] Stupid question on mod_header
Probably because the header is being added later in a different sub-context. That is, at the time apache sets the header for virtual host there is no other header of the same name defined, so there is nothing to eliminate and set instead, but then the path for the reverse proxy to tomcat is being evaluated later. I would suppose setting it in the specific location for the path that leads to tomcat things would be different. In any case try and see. Regards. El mié., 6 oct. 2021 12:09, Martin Knoblauch escribió: > Hi, > > sorry for asking this likely stupid question. This is with Apache HTTPD > 2.4.48. > > I want to change the value of the X-Frame-Options response header from > DENY to SAMEORIGIN. The header is apparently set by Tomcat 9.0.53. > > Naively, because the mod_header documentation says "The response header is > set, replacing any previous header with this name. The value may be a > format string.", I added a single > > Header always set X-Frame-Options SAMEORIGIN > > to the VirtualHost section of the httpd configuration. To my surprise my > browser (FF and Chrome) has two headers now, one with DENY, one with > SAMEORIGIN. And falls back to DENY :-( > > When I add an unset before the set, it works > > Header unset X-Frame-Options > Header always set X-Frame-Options SAMEORIGIN > > Is my understanding of the mod_header documentation wrong, or do I miss > somethiong subtle? > > Cheers > Martin > -- > -- > Martin Knoblauch > email: k n o b i AT knobisoft DOT de > www: http://www.knobisoft.de >
[users@httpd] Stupid question on mod_header
Hi, sorry for asking this likely stupid question. This is with Apache HTTPD 2.4.48. I want to change the value of the X-Frame-Options response header from DENY to SAMEORIGIN. The header is apparently set by Tomcat 9.0.53. Naively, because the mod_header documentation says "The response header is set, replacing any previous header with this name. The value may be a format string.", I added a single Header always set X-Frame-Options SAMEORIGIN to the VirtualHost section of the httpd configuration. To my surprise my browser (FF and Chrome) has two headers now, one with DENY, one with SAMEORIGIN. And falls back to DENY :-( When I add an unset before the set, it works Header unset X-Frame-Options Header always set X-Frame-Options SAMEORIGIN Is my understanding of the mod_header documentation wrong, or do I miss somethiong subtle? Cheers Martin -- -- Martin Knoblauch email: k n o b i AT knobisoft DOT de www: http://www.knobisoft.de
[users@httpd] duplicate logging into one global access/error log
Currently I have virtualhost configuration files that configure logging like this[1] (in a local dir). How can I add something to eg /etc/httpd/conf/httpd.conf that logs everything of all configured virtual hosts ALSO into some global log file? [1] .. .. CustomLog "|/usr/sbin/rotatelogs -L /home//logs/www.example.com-access.log -p /usr/local/sbin/rlogs-umask.sh -l /home//logs/%Y/www.example.com-%Y%m%d-access.log 86400" combined ErrorLog "|/usr/sbin/rotatelogs -L /home//logs/www.example.com-error.log -p /usr/local/sbin/rlogs-umask.sh -l /home//logs/%Y/www.example.com-%Y%m%d-error.log 86400" .. .. ..