Home / server / Questions / 126359
Accepted
Kevin Loney
Asked: 2010-03-26 10:50:21 +0800 CST

mod_proxy incorrect redirect behaviour

  • 772

In chrome this configuration causes an infinite redirect loop and in every other browser I have tried a request for https://www.example.com/servlet/foo is resulting in a redirect to https://www.example.com/foo/ instead of https://www.example.com/servlet/foo/ however this only occurs when I do not include a trailing / at the end of the request url (i.e. http://www.flightboard.net/servlet/foo/ works just fine).

<VirtualHost *:80>
    # ...

    RewriteEngine On

    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} ^/servlet(/.*)?$
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    # ...

    ProxyPass /servlet/ ajp://localhost:8009/
    ProxyPassReverse /servlet/ ajp://localhost:8009/
</VirtualHost>

The virtual host on port 443 has no rewrite rules that could possibly causing the problem, the tomcat contexts being referenced do not send any redirects, and if I change the ProxyPass and ProxyPassReverse directives to:

    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/

everything works fine (except for the fact everything from www.example.com is being passed to the proxy which is not the behaviour I want). I'm fairly certain this is a problem with the way I have my proxy settings configured because I did log all the rewrite output coming from apache and it was all correct.

tomcat apache-2.2 mod-proxy

2 Answers

  1. Best Answer

    Switching from mod_proxy_ajp to mod_proxy_http seems to resolve this problem.

    ProxyPass /servlet/ http://localhost:8080/
ProxyPassReverse /servlet/ http://localhost:8080/

    Unfortunately this has the side effect of not passing along the ip address of the remote connection. Another alternative is to add a rewrite rule to match the url with the missing slash at the end:

    RewriteCond %{REQUEST_URI} ^/servlet/[^/]+$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]
    • 2

  2. I'm not sure if this is your problem, but ProxyPassReverse doesn't work with the ajp: url. ProxyPassReverse causes rewrites of Location: headers if they match. The headers generated by a redirect have http: URLs, not ajp:

    You should be able to use: 

    ProxyPass /servlet/ ajp://localhost:8009/
ProxyPassReverse /servlet/ http://hostname/

    i.e. use ajp: for the proxy to tomcat, but use http: for matching and rewriting the redirect headers. The returned headers also likely have the real hostname of the server instead of localhost. ( although localhost works for ProxyPass ). You can check the returned headers with 'curl -I ' to see what you need to match.

    See this answer in stackoverflow for some links.

    ( This question is a couple of months old, but I just ran into the same problem, and had a tough time searching for the anwser. )

    • 1