Hi,
we have experienced problems on a CentOS7 with apache 2.4.6, APR 1.4.8, APR-UTIL 1.5.2.
Apache is doing proxypass to a tomcat webapp, including websocket, through these directives:
ProxyPass /webtop/push ws://127.0.0.1:58080/webtop/push
ProxyPassReverse /webtop/push ws://127.0.0.1:58080/webtop/push
ProxyPass /webtop http://127.0.0.1:58080/webtop timeout=180
ProxyPassReverse /webtop http://127.0.0.1:58080/webtop
The tomcat webapp logs informations about user access using the request header x-forwarded-for that proxypass adds.
Everything is fine at first access, IP of the user is correctly logged.
What happens is that when the user logs our, the webapp first closes the websocket then logs the user out closing the session and redirecting to login: here something goes wrong and from then on, during the same all tcp session running the N next http requests, x-forwarded-for is missing, so if the user logs in again, the logged IP is 127.0.0.1 because x-forwarded-for is missing, and it will be coming back when a new tcp session is started, later on.
We could verify via wireshark dump that the last request having x-forwarded-for is the websocket close request, then nothing from logout to login and some other 10-20 requests.
Because this is not happening on other systems with newer versions of httpd, we tried on a test CentOS7 to upgrade apache using a non official repository, and verified that in this case everything was working fine.
So, the problem is that we have many systems running CentOS7 with that apache version, and we can upgrade only agains the official repository, which is not deliverying any new version at the moment.
So I was hoping for someone to suggest any other possible solution to this problem, maybe changing some configuration or anything else.
Thanks a lot for your help,
Gabriele
Sonicle S.r.l. : http://www.sonicle.com
Music: http://www.gabrielebulfon.com
eXoplanets : https://gabrielebulfon.bandcamp.com/album/exoplanets
we have experienced problems on a CentOS7 with apache 2.4.6, APR 1.4.8, APR-UTIL 1.5.2.
Apache is doing proxypass to a tomcat webapp, including websocket, through these directives:
ProxyPass /webtop/push ws://127.0.0.1:58080/webtop/push
ProxyPassReverse /webtop/push ws://127.0.0.1:58080/webtop/push
ProxyPass /webtop http://127.0.0.1:58080/webtop timeout=180
ProxyPassReverse /webtop http://127.0.0.1:58080/webtop
The tomcat webapp logs informations about user access using the request header x-forwarded-for that proxypass adds.
Everything is fine at first access, IP of the user is correctly logged.
What happens is that when the user logs our, the webapp first closes the websocket then logs the user out closing the session and redirecting to login: here something goes wrong and from then on, during the same all tcp session running the N next http requests, x-forwarded-for is missing, so if the user logs in again, the logged IP is 127.0.0.1 because x-forwarded-for is missing, and it will be coming back when a new tcp session is started, later on.
We could verify via wireshark dump that the last request having x-forwarded-for is the websocket close request, then nothing from logout to login and some other 10-20 requests.
Because this is not happening on other systems with newer versions of httpd, we tried on a test CentOS7 to upgrade apache using a non official repository, and verified that in this case everything was working fine.
So, the problem is that we have many systems running CentOS7 with that apache version, and we can upgrade only agains the official repository, which is not deliverying any new version at the moment.
So I was hoping for someone to suggest any other possible solution to this problem, maybe changing some configuration or anything else.
Thanks a lot for your help,
Gabriele
Sonicle S.r.l. : http://www.sonicle.com
Music: http://www.gabrielebulfon.com
eXoplanets : https://gabrielebulfon.bandcamp.com/album/exoplanets