Apache 500 when proxying URLS with %20 via mod_proxy

We are receiving a 500 out of Apache while proxying calls to tomcat when there is an encoded space in the URL.

We are migrating an application that ran fine on a J2EE container which had an older, integrated version of Apache (1.x), but as soon as we moved the application to Tomcat + Apache 2 + mod_proxy, we began seeing the error.

For instance:

http://foo.org/app/rest/no_spaces/  works fine
http://foo.org/app/rest/no%20spaces fails with a 500

The request works fine if we hit tomcat directly, and we know that it is not reaching the servlet when going through Apache.

Proxy configuration is as follows for the server that lives on foo.org:

ProxyPass /app ajp://127.0.0.1:8080/app
ProxyPassReverse /app ajp://127.0.0.1:8080/app

We tried switching to HTTP rather than AJP with no change in the error.

The leading theory is that mod_proxy is decoding the %20 and then expecting to see other HTTP header info rather than the remaining URL substring and is resulting in a 500. If this is the case, does anyone have a workaround that does not involve rewriting the app. If this is not the cause, does anyone have a suggestion as to what it could be?

I have seen no documentation or bug reports of this exact symptom in my searches.

Thanks in advance.

Best Answer

Does adding 'nocanon' to your ProxyPass rule work?

i.e. ProxyPass /app ajp://127.0.0.1:8080/app nocanon

From the docs:

Normally, mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon keyword suppresses this, and passes the URL path "raw" to the backend. Note that may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.

Best Answer

Related Solutions

Ssl – Rewriting 302 App Server ReDirect URLs with Apache Proxy in the Middle

Httpd – apache httpd+mod_proxy+mod_ntlm

Related Topic