httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers
Date Thu, 08 Feb 2018 16:24:28 GMT
Hi Mark,

Am 08.02.2018 um 16:49 schrieb Mark Nenadov:
> Hello, I have an operational setup where Apache httpd is proxying secure 
> websockets traffic to an Apache Tomcat server. In other words, I'm using 
> ProxyPass to pass traffic along to a WSS url.
> I'm now having some issues trying to throw mod_headers into the mix. I'm 
> attempting to manipulate the "Upgrade" header like so in my Apache httpd 
> Virtual Host:
> < LocationMatch "/somewhere" >
>    RequestHeader set Upgrade websocket
>    ProxyPass wss:// 
> <>
> < / LocationMatch >
> So, supposing the client sends something funky for Upgrade like 
> "WebSocket" (as an older version of a certain websocket library does), 
> this RequestHeader directive should, by my understanding, replace it 
> with "websocket".
> However, when I place %{Upgrade}i in both my Apache httpd and Apache 
> Tomcat access logs, I'm finding that the modified Upgrade header appears 
> only in my httpd access logs, Tomcat says it is getting the original 
> unmodified value!
> This is rather perplexing to me as my understanding is that 
> RequestHeader should permanently alter that request header. The Tomcat 
> setup I have is very straightforward and there should be no surprises there.
> I've tried changing my RequestHeader usage to do an unset and add I've 
> also tried adding the "early" directive to the end of RequestHeader, but 
> that does not alter the behavior.
> It sure seems like the problem is with how Apache httpd is passing 
> things along somehow, but my research hasn't come up with an answer that 
> explains it or offers a resolution. Am I missing something here?
> Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24

You are probably proxying with mod_proxy_wstunnel. It seems to me that 
"Upgrade: WebSocket" is hard-coded in that module.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message