[jboss-jira] [JBoss JIRA] (AS7-4397) http interface uses relative paths for redirections

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Thu Jul 5 09:56:13 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-4397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704655#comment-12704655 ] 

Darran Lofthouse commented on AS7-4397:
---------------------------------------

The implementation I will use for this will be to just make use of the supplied Host header - from an AS perspective we can only work with the information that we have available to us so the proxy should be supplying what we need.

If the proxy is going to convert the Host header then it should convert the response URL back.

If additional configuration is to be performed worst case is to just handle the redirect directly in the proxy and don't rely on the AS side of the redirect.

                
> http interface uses relative paths for redirections
> ---------------------------------------------------
>
>                 Key: AS7-4397
>                 URL: https://issues.jboss.org/browse/AS7-4397
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Documentation, Domain Management
>    Affects Versions: 7.1.1.Final
>            Reporter: Aleksandar Kostadinov
>            Assignee: Darran Lofthouse
>             Fix For: 7.1.3.Final (EAP), 7.2.0.Alpha1
>
>
> The HTTP interface uses relative address in Location header when redirecting:
> {code}$ curl -v localhost:9990
> * About to connect() to localhost port 9990 (#0)
> *   Trying 127.0.0.1... connected
> * Connected to localhost (127.0.0.1) port 9990 (#0)
> > GET / HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> > Host: localhost:9990
> > Accept: */*
> > 
> < HTTP/1.1 301 Moved Permanently
> < Transfer-encoding: chunked
> < Location: /console/index.html
> < Date: Wed, 04 Apr 2012 12:50:14 GMT
> < 
> * Connection #0 to host localhost left intact
> * Closing connection #0
> {code}
> This is a problem running a reverse proxy to server the console. RFC 1945 requires that to be a complete absolute URI [1]. The problem is that mod_proxy expects a complete URI. The problem manifests when proxying is performed on path other than ROOT of the http server (e.g. you open http://server_public_hostname/asconsole to access console). A typical mod_proxy configuration in this case would be:
> {code}ProxyPass /asconsole/ http://localhost:9990/
> ProxyPassReverse /asconsole/ http://localhost:9990/
> ProxyPassReverseCookiePath / /asconsole/
> ProxyPassReverseCookieDomain localhost server_public_hostname
> {code}
> redirects in this case are not translated by mod_proxy because it matches against string "http://localhost:9990/". And one is redirected to /something instead of /asconsole/something. 
> curl output:{code}
> curl -v http://my_public_hostname/asconsole
> * About to connect() to my_public_hostname port 80 (#0)
> *   Trying 24.24.164.76... connected
> * Connected to my_public_hostname (24.24.164.76) port 80 (#0)
> > GET /asconsole HTTP/1.1
> > User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> > Host: my_public_hostname
> > Accept: */*
> > 
> < HTTP/1.1 301 Moved Permanently
> < Date: Wed, 04 Apr 2012 12:29:30 GMT
> < Location: /console/index.html
> < Connection: close
> < Transfer-Encoding: chunked
> < Content-Type: text/plain; charset=UTF-8
> < 
> * Closing connection #0
> {code}
> The workarounds are described in the workaround section.
> I'm not really sure what the best approach for this problem would be. Using the Host header of request makes some sense but if one already uses ProxyPreserveHost On then it can also affect this functionality. Hardcoding the URL would be a complication to configuration. Perhaps making the behavior configurable and documented would be best.
> [1] http://en.wikipedia.org/wiki/HTTP_location

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list