AJP URL encoding - java

I am having an issue with URL encoding. When I execute the URL in the browser, the server encodes it again and again, even though the URL is already encoded to UTF-8.
eg. http://test.com:80/?gotoUrl=http%3A%2F%2Fclosewindow.xyz.com&modal=true
I am getting - https://test.com/?gotoUrl=http%253A%252F%252Fclosewindow.xyz.com&modal=true
I am running my application on HTTPS and redirecting any request on 80 to HTTPS secure port 443. This problem only occurs if I send request on port 80 and server is redirecting it to secure port 443. If I make request on secure port 443, this problem does not occur.
Following is my tomcat configuration,
<Connector port="8080"
protocol="HTTP/1.1"
connectionTimeout="5000"
compression="on"
compressionMinSize="128"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json"
enableLookups="false"
maxPostSize="4096"
URIEncoding="UTF-8"
redirectPort="8443"
/>
<Connector port="8009"
protocol="AJP/1.3"
URIEncoding="UTF-8"
/>
<Connector
protocol="HTTP/1.1"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/path/keystore" keystorePass="password"
clientAuth="false" sslProtocol="TLS"/>
My environment has Apache 2.2 in front, and Tomcat 7.x is connected to the Apache server via AJP.
I dug into this issue and found out that the issue is down to AJP, which is using ISO-8859-1, whereas Tomcat and Apache are working fine and using UTF-8 encoding. Is there any way to set the encoding to UTF-8 in AJP? I am using mod_proxy_ajp.
Thanks in advance. I would appreciate any help on this.

I suggest the browser is doing it. It doesn't make sense for Tomcat to be doing it. Tomcat would be decoding, not encoding. Try it in the browser with no encoding at all.
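
A diagnostic for the symptom in the question, as an added example that is not part of the original post: it compares the raw query string of the request with that of the redirect and reports the parameters that gained a percent-encoding layer (%3A becoming %253A). The function names are illustrative; the two URLs are the ones quoted in the question.

```python
from urllib.parse import urlsplit, unquote


def raw_query_params(url):
    """Return query parameters undecoded, so encoding layers stay visible."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params[name] = value
    return params


def encoding_layers(value, limit=5):
    """Count how many times value can be percent-decoded before it stops changing."""
    layers = 0
    while layers < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return layers


def re_encoded_params(request_url, location):
    """Names of parameters that gained an encoding layer between request and redirect."""
    before = raw_query_params(request_url)
    after = raw_query_params(location)
    return sorted(
        name for name, value in after.items()
        if name in before
        and encoding_layers(value) > encoding_layers(before[name])
        and unquote(value) == before[name]  # one decode gives back the original
    )


# The two URLs quoted in the question.
REQUEST = "http://test.com:80/?gotoUrl=http%3A%2F%2Fclosewindow.xyz.com&modal=true"
REDIRECT = "https://test.com/?gotoUrl=http%253A%252F%252Fclosewindow.xyz.com&modal=true"

if __name__ == "__main__":
    print(re_encoded_params(REQUEST, REDIRECT))
```

Running the comparison on the Location header returned at each hop (front-end server, then application server) shows which hop adds the extra layer.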

Related

My web app is not routing to https by default from http

Let's say my app is www.example.com.
When I put mydomin.com in the browser, it should redirect to https://www.example.com.
I have configured SSL already on my server.
If I put https://www.example.com, it always opens, but it does not redirect if I enter example.com.
Here is my connector:
<Connector port="8080" connectionTimeout="20000" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="file.jks" keystorePass="pass" />
My server is Tomcat 7 on a Linux box.
Your HTTP port is 8080 instead of the default 80. A URL without the port number will default to port 80, hence http://www.example.com would go to http://www.example.com:80/.

Configure Tomcat 8 with GZIP

I'm trying to set up GZIP in Tomcat. I've seen a lot of examples but none works for me. Below you can see my server.xml configuration and an example of a request:
server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
useSendfile="false"
compression="force" compressionMinSize="1024" noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,text/css,application/javascript"/>
request:
Thanks!
I've found the answer, I've disabled my antivirus and compression works fine.

SSL on Tomcat 7 on Azure VM

I tried to configure an SSL certificate for Tomcat 7 (7.0.61), which I installed on an Azure Windows VM.
HTTPS does not work and there are no errors in the Tomcat logs. I use a Digicert certificate, which gave me a .jks keystore file. The VM has its own DNS: myVm.cloudapp.net. I registered my own domain NNN.today at one.com and made a redirection from NNN.today to myVm.cloudapp.net.
When I created the certificate I used NNN.today. I configured endpoints for my VM (HTTP for port 80 and SSL for port 443). The APR listener is commented out in server.xml.
Here is my server.xml config:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keyAlias="server"
keystoreFile="${catalina.base}/conf/app_farewell_today.jks" keystorePass="my_password" keystoreType="JKS"
truststoreFile="${catalina.base}/conf/app_farewell_today.jks" truststorePass="my_password" truststoreType="JKS"/>
What am I doing wrong? Any help appreciated!
The VM's firewall should be configured to listen to these ports as well, and the public endpoint configuration should map to the proper internal ports as well.

Can I have two connector tags for the same address in server.xml of tomcat?

I have got two DNS entries for the same IP address. And I have two ssl keystores for each one of them.
Can I mention both the keystores in server.xml as shown below?
<Connector address="my_IP_Addres" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
enableLookups="true" disableUploadTimeout="true"
keystoreFile="1st_keystore_file" keystorePass="1st_key_pass"
clientAuth="false" sslProtocol="SSL" />
<Connector address="my_IP_Addres" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
enableLookups="true" disableUploadTimeout="true"
keystoreFile="2nd_keystore_file" keystorePass="2nd_key_pass"
clientAuth="false" sslProtocol="SSL" />
No, you cannot use several connectors for a single endpoint with Tomcat. HTTPS is HTTP over SSL. It means:
1. client and server establish an SSL connection, using only IP:port pairs during the handshake procedure
2. client and server exchange HTTP messages over the established SSL connection
DNS entries (host->IP) in your case allow the client to resolve the server IP before the SSL handshake. But during the handshake hostnames are not used. This is why the server cannot resolve which key/cert pair to use in this phase. And this is the reason why only one key/cert pair can be provided.
See HTTPS limitations for more details.

http to https redirect (tomcat/jboss)

We want to redirect all traffic that comes to the http URL of our application to https. In order to do that, we set the following values in the web.xml in the deploy/jboss-web.deployer/conf directory.
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This does successfully redirect the user to the https location; HOWEVER, it uses a different port from the one configured in the server.xml in the deploy/jboss-web.deployer path.
<Connector port="8381" address="${jboss.bind.address}"
maxThreads="350" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8543" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" compression="on" />
<!-- Define a SSL HTTP/1.1 Connector on port 8643
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!---->
<Connector port="8543" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
keystorePass="changeit"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
emptySessionPath="true" enableLookups="false" redirectPort="8543" />
<Engine name="jboss.web" defaultHost="localhost" jvmRoute="data1">
We had the https port set to 8543, which did then work. However, the https port that the user was redirected to when going to the http URL was 8744 (when we set 8744 in the server.xml it worked successfully). We could not find where the 8744 port was taken from. Does anyone know how to configure which port the first-mentioned code placed in the web.xml redirects to?
Another query is that when we put this configuration into production the https port will be "443"; we need to know where to set 443 for the "security-constraint" entry to redirect to. Accessing http://www.data.com will then have to redirect to https://www.data.com.
Regards,
Milinda
Well, the good news is that in production it will work fine. The security constraint is doing its job, but it is designed to work only between http (80) and https (443).
Pay attention that 8744 - 8381 = 363 = 443 - 80
I am using JBoss-4.2.3.GA and have observed the same behavior, not sure if it is still doing this on Wildfly.