Dispatcher returns 403 Error with port in Host-Header | Adobe Higher Education
Skip to main content
Thomas-MCH
Thomas-MCH
June 29, 2017
Beantwortet

Dispatcher returns 403 Error with port in Host-Header

  • June 29, 2017
  • 5 Antworten
  • 1690 Ansichten

Our AEM author instance is running behind a Apache webserver. The Apache webserver uses the dispatcher and the ssl module. If we send a POST request with the Host-Header "cms.domain.com:443/path/file.html" to the AEM author instance, the Apache returns a 403 Error. If we use the Host-Header "cms.domain.com/path/file.html" (widthout port) it works. We ar not able to change the configuration in the sending application, so the Apache must process the Host-Header with the port inside.

How should we configure the dispatcher.any?

Do we have to configure every domain/subdomain with and withour port (e.g. cms.domain.com:443 and cms.domain.com)? Or ist there an other, better solutiion?

We are using Apache 2.4 and the dispatcher module 4.2.2 together wirth AEM 6.2.

Thank you for aour assistance.

Regards

Thomas

Dieses Thema wurde für Antworten geschlossen.
Beste Antwort von joerghoh

Hi,

According to RFC 7231 the port information is allowed in the host headers, but it is not supposed to contain a path. Can you do a test and check what happens if you just send "cms.domain.com:443" as hostname?

To identify if the issue is on dispatcher side at all, you can set the loglevel to DEBUG for testing purpose. Please post then the logfile of a succesfull request and a failed request here.

regards,

Jörg

5 Antworten

joerghoh
Adobe Employee
joerghohAdobe EmployeeAntwort
Adobe Employee
June 29, 2017

Hi,

According to RFC 7231 the port information is allowed in the host headers, but it is not supposed to contain a path. Can you do a test and check what happens if you just send "cms.domain.com:443" as hostname?

To identify if the issue is on dispatcher side at all, you can set the loglevel to DEBUG for testing purpose. Please post then the logfile of a succesfull request and a failed request here.

regards,

Jörg

Thomas-MCH
Thomas-MCHAutor
June 30, 2017

Hi Jörg

Thank you for your answer. We set the leglevel of the dispatcher to DEBUG. The we see that the reqests with the additional port behind the URL (in the Host-Header) goes to the last configured website in the dispatcher.any. So in our case these POST requests to the author instance would be served to the publish instance thrugh the dispatcher.

Now we made the following changes in the dispatcher.any:

/virtualhosts

  {

  "subdomain.domain.com"

  "subdomain.domain.com:443"

  }

We hope that this is the right way to configure the dispatcher for HTTPS/SSL?

Best regards

Thomas

joerghoh
Adobe Employee
joerghohAdobe Employee
Adobe Employee
June 30, 2017

Hi,

yepp, that could work.

Thomas-MCH
Thomas-MCHAutor
July 4, 2017

HI Jörg

On our development system we have both instances (author and publish) on the same server. And at the beginning of our tests we didn't see any requests on the author instance. After we activated the dispatcher log (DEBUG) we see that the dispatcher sends the requests to the last farm in the configuration. This is vice versa to an apache configuration.

Can you confirm that the dispatcher is using the last configured farm as default?

joerghoh
Adobe Employee
joerghohAdobe Employee
Adobe Employee
July 5, 2017

The dispatcher matches the hostnames given in the HTTP "Host" header to the entries listed in the "/virtualhosts" section of the dispatcher farm.

If the host name does not match any of these entries (of all configured farms), the last farm will be taken as default.

Jörg

Allgemeine NutzungsbedingungenAccessibility statement

Loading footer...