cxf https chunking off not working, I have tried through config and explicitly in java - cxf

I am trying to turn off chunking for my Java web application. We use Apache CXF and are hitting a SOAP service.
I changed the conduit setting in the config file:
<http-conf:conduit
name="*.http-conduit">
<http-conf:client
ConnectionTimeout="2000"
ReceiveTimeout="60000"
MaxRetransmits="2"
ChunkingThreshold="700000"
AllowChunking="false"/>
</http-conf:conduit>
Set it manually
HTTPConduit http = (HTTPConduit)client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(2000);
httpClientPolicy.setReceiveTimeout(60000);
httpClientPolicy.setMaxRetransmits(2);
httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);
None of them work, and for any request above 4k I see transfer-encoding: chunked.
Another side question: Is there a different setting for HTTPS and HTTP in CXF?

Related

Varnish with Apache2 using mod_ssl and mod_proxy causing issues

I have installed Varnish with Apache2 and set that up using the HTTP proxy Apache module, and used the headers to get the data over HTTP and send it to HTTPS using a reverse proxy.
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:80/
ProxyPassReverse / http://127.0.0.1:80/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
But the issue I am facing with this setup is the browser error: content loading from HTTP over HTTPS has been blocked.
Mixed Content: The page at '' was loaded over HTTPS, but
requested an insecure stylesheet ''. This request has been
blocked; the content must be served over HTTPS.
Please help me understand where I am wrong and how I can make this work.
Thank you in advance.
There's not a whole lot of context about the setup and the configuration, but based on the information you provided I'm going to assume you're using Apache to first terminate the TLS connection and then forward that traffic to Varnish.
I'm also assuming Apache is also configured as the backend in Varnish listening on a port like 8080 whereas Varnish is on 80 and the HTTPS Apache vhost is on 443.
Vary header
The one thing that might be missing in your setup is a cache variation based on the X-Forwarded-Proto header.
I would advise you to set that cache variation using the following configuration:
Header append Vary: X-Forwarded-Proto
This uses mod_headers and can either be set in your .htaccess file or your vhost configuration.
It should allow Varnish to be aware of the variations based on the Vary: X-Forwarded-Proto header and store a version for HTTP and one for HTTPS.
This will prevent HTTP content being stored when HTTPS content is requested and vice versa.
A good way to simulate the issue
If you want to make sure the issue behaves as I'm expecting it to, please perform a test using the following steps:
Clear your cache through sudo varnishadm ban obj.status "!=" 0
Run varnishlog -g request -q "ReqUrl eq '/'" to filter logs for the homepage
Call the HTTP version of the homepage and ensure it's stored in the cache
Capture the log output for this transaction and store it somewhere
Call that same page over HTTPS and check whether or not the mixed content errors occur
Capture the log output for this transaction and store it somewhere
Then fix the issue through the Vary: X-Forwarded-Proto header and try the test case again.
In case of problems, just add the 2 log transactions to your question (1 for the miss, 1 for the hit) and I'll examine it for you
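The cache behaviour this answer describes, as an added example that is not part of the original answer and is not Varnish code: a toy cache that keys objects on the URL plus whichever request headers the backend names in Vary. The backend, the example.test host and all function names are constructed for illustration.

```python
"""Toy shared cache (added example, not Varnish): shows why Vary matters."""
from typing import Callable, Dict, Tuple

Headers = Dict[str, str]
Response = Tuple[Headers, str]


def backend(req: Headers, send_vary: bool) -> Response:
    """Constructed origin that builds asset URLs from X-Forwarded-Proto."""
    proto = req.get("x-forwarded-proto", "http")
    body = f'<link rel="stylesheet" href="{proto}://example.test/site.css">'
    headers = {"vary": "X-Forwarded-Proto"} if send_vary else {}
    return headers, body


class ToyCache:
    """Keys objects on the URL plus the request headers named in Vary."""

    def __init__(self, origin: Callable[[Headers], Response]):
        self.origin = origin
        self.vary_for: Dict[str, Tuple[str, ...]] = {}
        self.store: Dict[tuple, str] = {}

    def fetch(self, url: str, req: Headers) -> Tuple[str, str]:
        names = self.vary_for.get(url, ())
        key = (url,) + tuple(req.get(n, "") for n in names)
        if key in self.store:
            return "HIT", self.store[key]
        headers, body = self.origin(req)
        names = tuple(n.strip().lower() for n in headers.get("vary", "").split(",") if n.strip())
        self.vary_for[url] = names
        key = (url,) + tuple(req.get(n, "") for n in names)
        self.store[key] = body
        return "MISS", body


def replay(send_vary: bool):
    """Plain HTTP request first, then the HTTPS one, as in the test steps."""
    cache = ToyCache(lambda req: backend(req, send_vary))
    first = cache.fetch("/", {})  # direct HTTP hit, no forwarded header
    second = cache.fetch("/", {"x-forwarded-proto": "https"})
    return first, second


if __name__ == "__main__":
    for flag in (False, True):
        print("Vary sent:", flag, replay(flag))
```

Without the Vary header the HTTPS request is a hit on the object stored for HTTP, so the page it receives still references an http:// stylesheet; with it, the two schemes get separate cache entries.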

Access-Control-Allow-Origin is not working

I've been trying for hours to allow an angularjs client (localhost:5000) to access the resources of a python server using flask (localhost:5001), but I keep receiving the same error message "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5001/api. (Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials')."
So far I've tried to:
Allow CORS via flask_cors using
from flask import Blueprint
from flask_cors import CORS
api = Blueprint('api', __name__)
CORS(api, resources={"/api/*": {"origins": "*"}})
Use angular http-proxy-middleware, both with
server.middleware = proxy('/api', {target: 'http://localhost:5001', changeOrigin:true});
and
server.middleware = proxy('/api', {target: 'http://localhost:5001', changeOrigin:true, onProxyRes: function(proxyRes, req, res){proxyRes.headers['Access-Control-Allow-Origin']='*';}});
The Access-Control-Allow-Origin field in the response header is "http://localhost:5000" and not "http://localhost:5001", which is (if I understand it right), what I need. Any ideas?
I had the same problem and fixed it using the CORS decorator @cross_origin() using the parameter supports_credentials=True (note that you can't use origin='*' and supports_credentials=True at the same time).
More info can be found here
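The rule behind this answer, as an added example that is not part of the original posts and is not flask_cors code: a model of the check a browser applies to a CORS response, next to a server-side header builder that echoes only allowlisted origins. The function names and the allowlist are assumptions made for illustration.

```python
"""Added example: models the browser-side CORS response check."""
from typing import Dict, Iterable, Tuple

# Assumed allowlist: the Angular client origin from the question.
ALLOWED_ORIGINS = frozenset({"http://localhost:5000"})


def cors_headers(origin: str, allowed: Iterable[str] = ALLOWED_ORIGINS,
                 supports_credentials: bool = True) -> Dict[str, str]:
    """Headers a server would send: echo an allowlisted origin, never '*'."""
    if origin not in set(allowed):
        return {}
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if supports_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def browser_allows(origin: str, with_credentials: bool,
                   headers: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether script on `origin` may read the response."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False, "missing Access-Control-Allow-Origin"
    if not with_credentials:
        ok = acao in ("*", origin)
        return ok, ("ok" if ok else "origin mismatch")
    if acao == "*":
        return False, "wildcard origin not allowed with credentials"
    if acao != origin:
        return False, "origin mismatch"
    # The value is compared case-sensitively against the literal "true".
    if headers.get("Access-Control-Allow-Credentials") != "true":
        return False, "expected 'true' in Access-Control-Allow-Credentials"
    return True, "ok"


if __name__ == "__main__":
    client = "http://localhost:5000"
    # Constructed response matching the question: origin echoed, no credentials header.
    print(browser_allows(client, True, {"Access-Control-Allow-Origin": client}))
    print(browser_allows(client, True, cors_headers(client)))
```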

exchange parameters between apache cxf interceptor and jaxrs client

I'm creating an Apache CXF JAX-RS client and adding an inInterceptor:
MyProxy proxy = JAXRSClientFactory.create("http://path.to.url", MyProxy.class);
ClientConfiguration config = WebClient.getConfig(proxy);
config.getInInterceptors().add(new RemoveAlertsInterceptor());
How can I set a parameter inside the RemoveAlertsInterceptor, which I can read from the proxy?

How does AppEngine(or its embedded-server) processes different urls

I created a simple appengine project that accesses a restful webservice hosted in http://commerce.qa.mycomp.com (mycomp should be replaced with my actual company name).
I am using the Jersey Client to make the client request. I do a POST request to the above url.
When I run the application locally, it always returns 404 Not Found response. For experimenting, I did a POST request to http://www.bbc.co.uk/news/ and this works fine, and returns 200 as the status.
I just decoupled my app from appengine and ran it in the separately-configured tomcat server, and there it works fine and returns 200 status code. I think appengine uses Jetty as the server. Does Jetty have any bugs processing URLs like commerce.qa.mycomp.com? The reason I am asking is that URLs that start with www.any.com seem to be working fine.
The two code snippets shown below are not working when run within appengine locally (not running even if I host it on appspot).
Client client = Client.create();
WebResource service = client.resource("http://commerce.qa.mycomp.com/rest");
ClientResponse response = service
.header("Content-Type", "text/xml; Charset=utf-8")
.header("Authorization", "Basic dwt3hkl553lsfsfssf3")
.post(ClientResponse.class, "does not need to be actual xml");
URL url = new URL("http://commerce.qa.mycomp.com/rest");
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "text/xml; Charset=utf-8");
conn.addRequestProperty("Authorization", "Basic dwt3hkl553lsfsfssf3");
OutputStream os = conn.getOutputStream();
os.write("no need to be actual xml".getBytes());
os.flush();
System.out.println("Response Code: " + conn.getResponseCode());
But when run with tomcat, it just works.
My installations are:
Google App Engine Java SDK 1.6.1
Google Plugin for Eclipse 3.7
jersey-client-1.12, jersey-core-1.12, jersey-json-1.8
Please share thoughts.

Spring WebFlow2 fronting with Apache2 SSL produce http urls instead of https

I have Apache2 SSL which is fronting Spring webapp as follows:
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
All works fine... I mean all links ... are correct, and in general the webapp works, so the problem is not a matter of the application or SSL.
Except starting/cancelling webflows: they produce http URLs instead of https://
I found one topic here:
forum.springsource.org/showthread.php?70730-Webflow-2-0-and-reverse-proxy
They say it is not a problem of Spring WebFlow...
What is a workaround in this situation?
Providing that all requests to the Tomcat connector are received via SSL terminated at httpd then you can add the following to your connector:
scheme="https" secure="true"
This tells Tomcat to treat the connection as if it was received over an SSL connection direct to Tomcat. This is required when proxying over http since there is no mechanism within http to pass the SSL info to Tomcat. There are ways to pass some of this info via http headers. Look at the SSLValve docs in Tomcat.
Alternatively, using AJP will work since AJP passes SSL information from httpd to Tomcat.
