Skip to main content

X-Forwarded-Proto is not honored

2 replies [Last post]
Anonymous

Hi guys,

I have a glassfish 3.1.2.2 instance running behind an AWS Elastic Load
Balancer, which terminates the SSL. I have deployed an app on glassfish
under /mycontext and there is nothing deployed on the root context path. My
application servlet handles "X-Forwarded-Proto" manually.

When I try to make a call to https://domain.com/mycontext/ everything works
as expected, however, when I try to call https://domain.com/mycontext with
no ending slash, I get a 301 and get redirected to http instead, which, my
load balancer is not listening for.

I have tried setting http.scheme-mapping to X-Forwarded-Proto:
"asadmin set
configs.config.server-config.network-config.protocols.protocol.http-listener-1.http.scheme-mapping=X-Forwarded-Proto"
or even by manually editing the domain.xml file, doesn't help.

Any further suggestions are really appreciated!

Regards,
Ikrom

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
oleksiys
Offline
Joined: 2006-01-25
Points: 0

Hi Ikrom,

I'm not sure why you process X-Forwarded-Proto header in your servlet,
it should work transparently after you set the scheme-mapping property
(the command you used is correct).
I've just tried it locally and it works as expected:

/telnet localhost 8080//
//Trying ::1...//
//Connected to localhost.//
//Escape character is '^]'.//
//GET /TestServlet HTTP/1.1//
//Host: localhost:8080//
//X-Forwarded-Proto: https//
//
//HTTP/1.1 301 Moved Permanently//
//X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source
Edition 3.1.2.2 Java/Oracle Corporation/1.7)//
//Location: https://localhost:8080/TestServlet///
//Content-Type: text/html;charset=ISO-8859-1//
//Content-Language: en-US//
//Transfer-Encoding: chunked//
//Date: Thu, 16 May 2013 00:20:36 GMT//
//
//0/

Can you pls. give us more details on how we can reproduce the issue.

Thanks.

WBR,
Alexey.

On 10.05.13 01:59, Ikrom Hotamov wrote:
> Hi guys,
>
> I have a glassfish 3.1.2.2 instance running behind an AWS Elastic Load
> Balancer, which terminates the SSL. I have deployed an app on
> glassfish under /mycontext and there is nothing deployed on the root
> context path. My application servlet handles "X-Forwarded-Proto" manually.
>
> When I try to make a call to https://domain.com/mycontext/ everything
> works as expected, however, when I try to call
> https://domain.com/mycontext with no ending slash, I get a 301 and get
> redirected to http instead, which, my load balancer is not listening for.
>
> I have tried setting http.scheme-mapping to X-Forwarded-Proto:
> "asadmin set
> configs.config.server-config.network-config.protocols.protocol.http-listener-1.http.scheme-mapping=X-Forwarded-Proto"
> or even by manually editing the domain.xml file, doesn't help.
>
> Any further suggestions are really appreciated!
>
> Regards,
> Ikrom

fwelland
Offline
Joined: 2006-03-13
Points: 0

Sorry to but in --- I don't really have an answer -- but I think I have had a very similar problem as the OP.

Here is how I reproduced it:

http://stupidfredtricks.blogspot.com/2012/10/glassfish-31x-behind-ssl-te...

Well for me, I simply wanted my GF based web-app to make redirects with https and w/o port specs -- even though my GF was doing neither. I don't think this is possible with 3.1.1 -- but 3.1.2.2 suggests that maybe it can.

(FWIW -- my end resolution -- for now -- was to convince my netadmins to re-write 302 on the load balancers...)