Springboot / tomcat / apache反向代理,其中哪个应用程序设置了回复标头
我有一个在Tomcat中运行的Springboot(没有安全性)应用程序,并且服务器上的Apache反向代理。 提出邮政请求时,返回状态403。
我怀疑Tomcat或Apache反向代理负责返回403。 HTTP请求或HTTP响应中的哪些信息导致403返回代码? 我该如何解决?
pom.xml
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-math3</artifactId>
<version>3.6.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.4</version>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>${open-api}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>org.jfree</groupId>
<artifactId>jfreechart</artifactId>
<version>1.0.19</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
httpd.conf
SSLCipherSuite 'kEECDH+ECDSA kEECDH kEDH HIGH +SHA !aNULL !eNULL !LOW !MEDIUM !MD5 !EXP !DSS !PSK !SRP !kECDH SSLHonorCipherOrder On
SSLRandomSeed startup file:/dev/urandom 2048
SSLRandomSeed connect builtin
DocumentRoot /apache/htdocs
AddDefaultCharset utf-8
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [redirect,last]
<Directory /apache/htdocs>
Require all granted
Options None
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
<Directory /apache/htdocs>
Require all granted
Options None
AllowOverride None
</Directory>
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/www.guli.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/www.guli.com/privkey.pem"
</VirtualHost>
<IfModule mod_proxy.c>
<Location "/">
ProxyPass "http://localhost:50080/main/" connectiontimeout=5 timeout=600
ProxyPassReverse "http://localhost:50080/main/"
ProxyPassReverseCookiePath "/main/" "/"
ProxyPreserveHost On
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"
</Location>
# so läuft mal: http://www.guli.com
<Location "/email">
ProxyPass "http://localhost:50099/email"
ProxyPassReverse "http://localhost:50099/email"
ProxyPassReverseCookiePath "/email" "/"
RequestHeader set X-Forwarded-Prefix "/email"
ProxyPreserveHost On
</Location>
# /ta/swagger-ui.html
<Location "/ta">
ProxyPass "http://localhost:50086/ta"
ProxyPassReverse "http://localhost:50086/ta"
ProxyPassReverseCookiePath "/ta" "/"
RequestHeader set X-Forwarded-Prefix "/ta"
ProxyPreserveHost On
</Location>
# pres/swagger-ui.html
<Location "/pres">
ProxyPass "http://localhost:50083/pres"
ProxyPassReverse "http://localhost:50083/pres"
ProxyPassReverseCookiePath "/pres" "/"
RequestHeader set X-Forwarded-Prefix "/pres"
ProxyPreserveHost On
</Location>
<Location "/guli-web">
ProxyPass "http://localhost:50096/guliadmin-web" connectiontimeout=5 timeout=600
ProxyPassReverse "http://localhost:50096/guliadmin-web"
ProxyPassReverseCookiePath "/guliadmin-web" "/guliadmin-web"
ProxyPreserveHost On
</Location>
<Location "/.well-known">
ProxyPass "!"
</Location>
ProxyRequests Off
ProxyVia Off
ProxyStatus On
</IfModule>
I've a springBoot (without security) application running in Tomcat and with Apache reverse proxy on the server.
When making a POST request, the status 403 is returned.
I suspect Tomcat or apache reverse proxy to be responsible for returning 403.
Which information in the HTTP request or HTTP response is causing the 403 return code ?
And how can I fix it ?
pom.xml
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-math3</artifactId>
<version>3.6.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.4</version>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>${open-api}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>org.jfree</groupId>
<artifactId>jfreechart</artifactId>
<version>1.0.19</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
httpd.conf
SSLCipherSuite 'kEECDH+ECDSA kEECDH kEDH HIGH +SHA !aNULL !eNULL !LOW !MEDIUM !MD5 !EXP !DSS !PSK !SRP !kECDH SSLHonorCipherOrder On
SSLRandomSeed startup file:/dev/urandom 2048
SSLRandomSeed connect builtin
DocumentRoot /apache/htdocs
AddDefaultCharset utf-8
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [redirect,last]
<Directory /apache/htdocs>
Require all granted
Options None
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
<Directory /apache/htdocs>
Require all granted
Options None
AllowOverride None
</Directory>
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/www.guli.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/www.guli.com/privkey.pem"
</VirtualHost>
<IfModule mod_proxy.c>
<Location "/">
ProxyPass "http://localhost:50080/main/" connectiontimeout=5 timeout=600
ProxyPassReverse "http://localhost:50080/main/"
ProxyPassReverseCookiePath "/main/" "/"
ProxyPreserveHost On
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"
</Location>
# so läuft mal: http://www.guli.com
<Location "/email">
ProxyPass "http://localhost:50099/email"
ProxyPassReverse "http://localhost:50099/email"
ProxyPassReverseCookiePath "/email" "/"
RequestHeader set X-Forwarded-Prefix "/email"
ProxyPreserveHost On
</Location>
# /ta/swagger-ui.html
<Location "/ta">
ProxyPass "http://localhost:50086/ta"
ProxyPassReverse "http://localhost:50086/ta"
ProxyPassReverseCookiePath "/ta" "/"
RequestHeader set X-Forwarded-Prefix "/ta"
ProxyPreserveHost On
</Location>
# pres/swagger-ui.html
<Location "/pres">
ProxyPass "http://localhost:50083/pres"
ProxyPassReverse "http://localhost:50083/pres"
ProxyPassReverseCookiePath "/pres" "/"
RequestHeader set X-Forwarded-Prefix "/pres"
ProxyPreserveHost On
</Location>
<Location "/guli-web">
ProxyPass "http://localhost:50096/guliadmin-web" connectiontimeout=5 timeout=600
ProxyPassReverse "http://localhost:50096/guliadmin-web"
ProxyPassReverseCookiePath "/guliadmin-web" "/guliadmin-web"
ProxyPreserveHost On
</Location>
<Location "/.well-known">
ProxyPass "!"
</Location>
ProxyRequests Off
ProxyVia Off
ProxyStatus On
</IfModule>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我们看到响应标头在 /位置< /em>中设置为< /em>,而a /ta 位置< /em>部分。
如所说的
We see the response headers being set in the / Location while there's a /ta Location section.
As says the Location documentation, the sections are processed in the order they appear, which means the / should logically be the last section.