httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens-U. Mozdzen" <jmozd...@nde.ag>
Subject Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers
Date Thu, 08 Feb 2018 16:36:06 GMT
Hi Rainer, hi Mark,

Zitat von Rainer Jung <rainer.jung@kippdata.de>:
> Hi Mark,
>
> Am 08.02.2018 um 16:49 schrieb Mark Nenadov:
>> Hello, I have an operational setup where Apache httpd is proxying  
>> secure websockets traffic to an Apache Tomcat server. In other  
>> words, I'm using ProxyPass to pass traffic along to a WSS url.
>>
>> I'm now having some issues trying to throw mod_headers into the  
>> mix. I'm attempting to manipulate the "Upgrade" header like so in  
>> my Apache httpd Virtual Host:
>>
>> < LocationMatch "/somewhere" >
>>   RequestHeader set Upgrade websocket
>>   ProxyPass wss://192.168.1.77/some_url_on_tomcat  
>> <http://192.168.1.77/some_url_on_tomcat>
>> < / LocationMatch >
>>
>> So, supposing the client sends something funky for Upgrade like  
>> "WebSocket" (as an older version of a certain websocket library  
>> does), this RequestHeader directive should, by my understanding,  
>> replace it with "websocket".
>>
>> However, when I place %{Upgrade}i in both my Apache httpd and  
>> Apache Tomcat access logs, I'm finding that the modified Upgrade  
>> header appears only in my httpd access logs, Tomcat says it is  
>> getting the original unmodified value!
>>
>> This is rather perplexing to me as my understanding is that  
>> RequestHeader should permanently alter that request header. The  
>> Tomcat setup I have is very straightforward and there should be no  
>> surprises there.
>>
>> I've tried changing my RequestHeader usage to do an unset and add  
>> I've also tried adding the "early" directive to the end of  
>> RequestHeader, but that does not alter the behavior.
>>
>> It sure seems like the problem is with how Apache httpd is passing  
>> things along somehow, but my research hasn't come up with an answer  
>> that explains it or offers a resolution. Am I missing something here?
>>
>> Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24
>
> You are probably proxying with mod_proxy_wstunnel. It seems to me  
> that "Upgrade: WebSocket" is hard-coded in that module.

according to the docs, you can actually specify the protocol:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html :

"In fact the module can be used to upgrade to other protocols, you can  
set the upgrade parameter in the ProxyPass directive to allow the  
module to accept other protocol."

 From https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass :

"Parameter "upgrade", default "WebSocket": Protocol accepted in the  
Upgrade header by mod_proxy_wstunnel. See the documentation of this  
module for more details."

So maybe setting "upgrade=websocket" as a ProxyPass parameter might  
already achieve what Mark is looking for?

Regards
Jens


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message