1

We have a server running Apache providing services via a simple API. We now stumbled upon the problem that we cannot access the API using a third-party library, altough the resulting HTTP request are ALMOST the same. The only difference - as far as we can tell from Wireshark - is the presence or absence of the explicit information about port 80. For example:

curl -d "..." http://www.example.com/foo/bar/
curl -d "..." http://www.example.com:80/foo/bar/

Both work, and Wireshark shows Host: www.example.com, i.e., without the port 80. As far as I understand cURL as well as browser or most other clients remove port 80. So far, all fine.

Now, a third-party library to make requests requires to set a port, and we need to set it to 80. If the library makes a request, Wiresharks now shows Host: www.example.com:80 - note the additional port information. This request fails, and as far as we can see in Wiresharks, this failing request only differs with respect to the host field.

Can this be a configuration issue of Apache? We currently have no direct access to the server to check the conf files. Or are we missing something completely different here.

Improve this question
0

2 Answers 2

Reset to default
1

From rfc 2616:

 Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

So "Host: www.example.com:80" is perfectly legitimate. But I have never seen port 80 (or 443 in the case of HTTPS) in the host field of a HTTP request. It is obviously required where the request is routed via a proxy to a non-standard port.

This would give me some concerns as to the quality of the "third-party library". My first of port of call in resolving this would be to speak to the providers of the component - they have presumably come across the problem before.

You did not mention what access you have to the library - did you check that this is not a configurable option? Do you have access to the source code, and the permission to modify it? (if not, that would imply it is commercial, paid-for software - which should give you the right to some support).

I don't know what the solution is, but some obvious things to try would be:

  • configure the URL at the default vhost for webserver rather than explicitly for www.example.com
  • or use mod_headers to rewrite the host field
  • or put a forward proxy in front of the webserver e.g. squid and add a url rewriter (if squid does not automatically strip the port from the host field)
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Just to add some detail. It's Smack, a XMPP library for Java/Android. We currently compile "on the fly" using Gradle in Android Studio. It's open source, so I assume we can get the source, change it, and integrate it in our app. But as pointed out in a comment to another answers, it works on an another server (with or with out :80 doesn't matter). So my current hope is that it's just a small tweak in the Apache conf.
0

Apache performs string matching with the Host field. So when the :80 is attached, the string matching will fail and Apache will consider it a URL it does not handle and reject it. That is why curl stripped it.

You can read more about the ServerName field here, which is the setting in which Apache matches against Host.

Update

So the :80 has no effect and the string matching still works.

On my production server, I did not change Apache's configuration. I wrote some quick PHP to send out the GET request on a socket, and Apache still responded correctly with the :80 attached to the Host: field.

I also checked on the server itself and see the request come in with the errant :80 attached to it and Apache answers with the status of 200 and presents the HTML.

There is something else wrong with the third party software's request.

Improve this answer

3 Comments

But does this still mean that I can configure Apache in a way to accept both URLs, i.e., with and without :80? I'm not very familiar with configuring Apache.
I'll go give it a try and I'll let you know (with the ServerAlias setting)
Katie, thanks! Much appreciated. Yes we tested the different requests on an internal server with almost default configuration. Here, both version were successful. However, this internal server is not publicly accessible. We are currently trying to the conf files from the open server.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.