Springboot/ tomcat / apache reverse proxy, which of those applications is setting the response header

Asked by: user2023141 Asked: 6/3/2022 Last edited by: Eugène Adell, user2023141 Updated: 6/6/2022 Views: 432

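Q:

I have a Spring Boot application (without security) running in Tomcat, with an Apache reverse proxy on the server. When a POST request is made, status 403 is returned.

I suspect that either Tomcat or the Apache reverse proxy is responsible for returning the 403. Which information in the HTTP request or HTTP response causes the 403 return code? How can I solve it?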


pom.xml

<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-math3</artifactId>
    <version>3.6.1</version>
</dependency>

<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-collections4</artifactId>
    <version>4.4</version>
</dependency>

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>${open-api}</version>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <scope>provided</scope>
</dependency>

<dependency>
    <groupId>org.postgresql</groupId>
    <artifactId>postgresql</artifactId>
    <scope>runtime</scope>
</dependency>

<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
</dependency>

<dependency>
    <groupId>org.jfree</groupId>
    <artifactId>jfreechart</artifactId>
    <version>1.0.19</version>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-mail</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
    <exclusions>
        <exclusion>
            <groupId>org.junit.vintage</groupId>
            <artifactId>junit-vintage-engine</artifactId>
        </exclusion>
    </exclusions>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-webflux</artifactId>
</dependency>

httpd.conf

SSLCipherSuite 'kEECDH+ECDSA kEECDH kEDH HIGH +SHA !aNULL !eNULL !LOW !MEDIUM !MD5 !EXP !DSS !PSK !SRP !kECDH'
SSLHonorCipherOrder On
SSLRandomSeed startup file:/dev/urandom 2048
SSLRandomSeed connect builtin

DocumentRoot /apache/htdocs

AddDefaultCharset utf-8

<VirtualHost *:80>
  RewriteEngine   On
  RewriteRule     ^/(.*)$   https://%{HTTP_HOST}/$1    [redirect,last]
  <Directory /apache/htdocs>
    Require all granted
    Options None
    AllowOverride None
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  SSLEngine On
  <Directory /apache/htdocs>
    Require all granted
    Options None
    AllowOverride None
  </Directory>
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/www.guli.com/fullchain.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/www.guli.com/privkey.pem"
</VirtualHost>


<IfModule mod_proxy.c>
  <Location "/">
    ProxyPass "http://localhost:50080/main/" connectiontimeout=5 timeout=600
    ProxyPassReverse "http://localhost:50080/main/"
    ProxyPassReverseCookiePath "/main/" "/"
    ProxyPreserveHost On
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "600"
  </Location>
# this is how it runs for now: http://www.guli.com
  <Location "/email">
    ProxyPass "http://localhost:50099/email"
    ProxyPassReverse "http://localhost:50099/email"
    ProxyPassReverseCookiePath "/email" "/"
    RequestHeader set X-Forwarded-Prefix "/email"
    ProxyPreserveHost On
  </Location>
# /ta/swagger-ui.html 
  <Location "/ta">
    ProxyPass "http://localhost:50086/ta"
    ProxyPassReverse "http://localhost:50086/ta"
    ProxyPassReverseCookiePath "/ta" "/"
    RequestHeader set X-Forwarded-Prefix "/ta"
    ProxyPreserveHost On
  </Location>
# pres/swagger-ui.html
  <Location "/pres">
    ProxyPass "http://localhost:50083/pres"
    ProxyPassReverse "http://localhost:50083/pres"
    ProxyPassReverseCookiePath "/pres" "/"
    RequestHeader set X-Forwarded-Prefix "/pres"
    ProxyPreserveHost On
  </Location>
  <Location "/guli-web">
    ProxyPass "http://localhost:50096/guliadmin-web" connectiontimeout=5 timeout=600
    ProxyPassReverse "http://localhost:50096/guliadmin-web"
    ProxyPassReverseCookiePath "/guliadmin-web" "/guliadmin-web"
    ProxyPreserveHost On
  </Location>
  <Location "/.well-known">
    ProxyPass "!"
  </Location>
  ProxyRequests Off
  ProxyVia Off
  ProxyStatus On
</IfModule>
java spring-boot apache tomcat proxypass

Comments

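1 upvote f1sh 6/3/2022
That is your application. Other components may have added other headers, but the status line comes from the application.
0 upvotes user2023141 6/3/2022
But my application does not implement any security at all. It has no dependency on spring-security. See the pom.xml I added.
1 upvote Mark Rotteveel 6/3/2022
@f1sh Not necessarily, an intermediate layer (such as a proxy, load balancer or gateway) may require authentication before forwarding to the actual application.
0 upvotes grekier 6/3/2022
Can you share the Apache configuration?
0 upvotes user2023141 6/4/2022
Just added the Apache file: httpd.conf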

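A:

0 upvotes Eugène Adell 6/6/2022 #1

We see that the response headers are set in the / Location, while there is a /ta Location section. As the Location documentation says, these sections are processed in the order they appear, which means / should logically be the last section.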
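The processing order the answer refers to, as an added example that is not part of the original post: a small Python audit that lists, for a request path, every `<Location>` section that applies, in configuration order. The sample config is constructed from the `<Location>` skeleton of the question's httpd.conf, and the function names are this example's own.

```python
import re

# Constructed sample: <Location> skeleton taken from the httpd.conf in the question.
SAMPLE_CONF = '''
<Location "/">
  ProxyPass "http://localhost:50080/main/" connectiontimeout=5 timeout=600
</Location>
<Location "/email">
  ProxyPass "http://localhost:50099/email"
</Location>
<Location "/ta">
  ProxyPass "http://localhost:50086/ta"
</Location>
<Location "/.well-known">
  ProxyPass "!"
</Location>
'''

LOCATION_RE = re.compile(r'<Location\s+"?([^">]+)"?\s*>(.*?)</Location>', re.S | re.I)
PROXYPASS_RE = re.compile(r'^\s*ProxyPass\s+"?([^"\s]+)"?', re.M | re.I)

def parse_locations(conf):
    """Return [(path, proxy_target_or_None)] in configuration order."""
    sections = []
    for path, body in LOCATION_RE.findall(conf):
        target = PROXYPASS_RE.search(body)
        sections.append((path, target.group(1) if target else None))
    return sections

def location_matches(section_path, url_path):
    """Prefix match used by <Location>: "/ta" covers /ta and /ta/x, but not /tab."""
    if section_path.endswith("/"):
        return url_path.startswith(section_path)
    return url_path == section_path or url_path.startswith(section_path + "/")

def matching_sections(conf, url_path):
    """All <Location> sections applying to url_path, in processing order."""
    return [(p, t) for p, t in parse_locations(conf) if location_matches(p, url_path)]

def overlapping_paths(conf, url_paths):
    """Map each request path covered by more than one section to those sections."""
    hits = {u: [p for p, _ in matching_sections(conf, u)] for u in url_paths}
    return {u: paths for u, paths in hits.items() if len(paths) > 1}

if __name__ == "__main__":
    for url in ("/ta/swagger-ui.html", "/email", "/tab", "/.well-known/acme-challenge/x"):
        print(url, "->", matching_sections(SAMPLE_CONF, url))
```

Every path reported by `overlapping_paths` is handled by more than one section, so the response headers and the backend a request reaches depend on how those sections are ordered.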