-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Razi,
On 4/24/15 9:34 AM, Razi Ansari wrote: > >> Date: Fri, 24 Apr 2015 09:15:29 -0400> From: >> ch...@christopherschultz.net To: users@tomcat.apache.org Subject: >> Re: Apache Tomcat jk connector 400 bad request >> > Razi, > > (What email program are you using? It doesn't seem to understand > mailing lists because your replies don't include the thread-id > required to properly-group mailing list threads. That's pretty > frustrating because all your messages look separate from the others > in the thread.) > >> Apologies for the email, I am using Window Live Mail as my mail >> client. It's okay. It's just a minor irritation. But it /will/ make the archives a mess. > On 4/24/15 8:10 AM, Razi wrote: >>>> I checked up on the firewall, there is none between the >>>> webserver and the jboss application server. >>>> >>>> I had enabled the trace in modjk.log and found the following >>>> entries, with KeepAliveTimeout set to 5 > > What is KeepAliveTimeout? Is that your setting on httpd? If so, > that only affects incoming requests from clients into httpd. It has > no effect on the connections between httpd and Tomcat. > >> KeepAliveTimeout, this is the one in httpd.conf of Apache Web >> Server. I set it to 5, i get the 400 error,increase it to 15, >> don't get the error. Yeah... that's really weird. >>>> There is no error in the Jboss application server logs. > > Interesting. What about the access log? Does JBoss even admit to > accepting the request? > >> The access log ,shows time of request received (%t), as >> 15:31:53 2015 , with 300 seconds as the time taken to serve the >> request (%D). But this line is actually printed 5 minutes >> afterward with other requests which were received at 15:36:48 , >> and also it shows 400 as status. Another thing I notice in the >> modjk.log, is that for this request, I only see the request >> header getting printed, don't see any body getting printed in the >> logs. On Jboss logs, I can see the request coming in, wait for 5 >> minutes and then process the request successfully. The good news is that Tomcat is accepting the request, logging it, etc. A 400 response usually means that the request is broken in some way. It could be a partial request or something like that. For instance, an HTTP/1.1 request that never provides the \r\n\r\n required after the headers would just hang waiting or the \r\n\r\n. When the request-read timeout (keepAliveTimeout, defaulting to connectionTimeout, defaulting to -1; infinite) occurs, the connection will simply cancel the in-flight request. Have you set connectionTimeout or keepAliveTimeout to something other than their defaults? This would be in the JBoss configuration. I don't know how those timeouts are expressed in JBoss, but in Tomcat they would be on the <Connector> element. I think you might want to take this question to JBoss, especially if you are using a version of JBoss that doesn't use Tomcat under the cover s. Your mod_jk configuration looks fine to me; I can't think of a reason why you would be getting these dropped connections, unless you are under some kind of attack by someone trying to exploit a request-splitting vulnerability that exists somewhere in your stack. (And it would have to exist, because some component is convinced that there is a request that hasn't been fully made, and presumably the client is only sending complete requests.) You may have to pull-out a packet-sniffer for this one. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVOk3CAAoJEBzwKT+lPKRYGSsQAJFkvk/lrhGT92Em2BRJfVnh uzfHA3h8+Ynbgcc3CJzLGYleXbvC/HSIzcC1YTPmZZGs8mOBTz3yicwRwbrPryC/ OlqC4v0lloN0eTZ8dub7P6dUg8g5awP+4G6r8WEdZ55WuIReQgDo3kD/2Md8+RXF rwPbOHFWUCwF56URqEEJ2fSbjH1D37lxT+oR6BCHGcRftoUmnffPCHXY5dY1RGNg k8tuvREPvPz6HE00JYpIfnphCnS7z37fo+fQgNmyXqwKhE8aWnQZEZ2R5zlK+u78 7ex04iSIGFJSrh3vOci6Vq9R5i3dIBKK2s/WGuUQ9aKcAbcxnyqgfkz9ssp6fWUi v4fQ+li1ZwwP9SYB6XgT6yGRwZ2UJsOGHfV93AkjzZ505vEJd6r1LjaB+ZxZ1Z6V P2Km9VrQe844QdNOGphWTYaEDYUXjLScSlS8gAXWG/zh9r0dUravZiiXReXY8FLd I6mkzK1+ThuOEQqvHDN+hN9ClrlSlQ9D6JbN90BdlhQQA/5PGlwyKluapG/4UEpe 0+vUALR6/IiQ4HwgrkitXGpOjPvVTZWnjs2pyS5ulezs5qzMNXdctKzWLsQ8tuR7 F/uosc575v1om/j2XKtrbK/+lNA2PSEJ9WhjLsL8dLygH1/jmL1LDJQwAeESzock gLQX0EYmGUG8QJBI1+sq =MlqE -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org