6

I have many redirections within a VM webserver, which work when browsing the server with the embedded navigator (iceweasel). But that does not work when accessing the server from the hosting machine's browsers (tested with FF4/IE8/Chrome/Opera11).

All experienced redirecting methods are driving to a "server not available or overloaded" in the hosting machine browsers.

If you could have a look to the headers from the apache logs and give some hints about the differences (main one looks to be the GET url, provided that the same code is operating):

Working request leads to this log : 

cat /var/log/apache2/access.log | grep 127 | grep random | tail -n1   
127.0.0.1 - authuserid [26/Jun/2011:11:11:52 +0200]    
"GET /index.php?page=100 HTTP/1.1" 200 49151
"https://www.mydomain.foo/index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788&random=c0117685e7e65a307989c219efc587b4&sid=n7en2it41h2gumrcq3kmmil3c0&sidf=.ps_AWDkIY"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2011050718 Iceweasel/3.0.6 (Debian-3.0.6-3)"

Non working request leads to this log : 

cat /var/log/apache2/access.log | grep 192 | grep random | tail -n1   
www.mydomain.org:80 192.168.X.Y - authuserid [26/Jun/2011:11:08:07 +0200]  
"GET  /index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788&random=685de8bcd4d198d6ad7f3cf4b23de5b7 HTTP/1.1" 302 -
"http://www.mydomain.foo/index.php?page=xyz"    
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

I can't show the header response as I don't get a response and no error reported by apache (loglevel=error).

Thx

Controls done :
I have increased the browsers timeout (FF: network.http.keep-alive.timeout to 3600s : no change.
I checked that no headers were sent previously to the redirection : ok (a dump of headers_sent() shows no headers sent nor blank line or space in the includes, )
I have increased the Apache server timeout just in case: no change
I made sure of using an absolute url as of HTTP/1.1. I tried php, html meta and js redirect: no change

EDIT 1:

Here are the headers as seen by LiveHTTPHeaders in the "non working" case :

http://www.mydomain.org/menus/noeud4.php
POST /menus/noeud4.php HTTP/1.1
Host: www.mydomain.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Keep-Alive: 3600
DNT: 1
Connection: keep-alive
Referer: http://www.mydomain.org/index.php?page=890
Cookie: PHPSESSID=4bge5gg1rgkit78k3seqlfcbq2
Authorization: Basic aW52aXRlZEBjYW1hY2FzYTp5b3VybXlndWVzdEB0b2RheQ==
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
login=my_superlogin1&pwd1=vbigpass3xqz%40A2L&captcha=91690& source=noeud4.php&>formulaire_valide=SOUMETTRE
HTTP/1.1 302 Found
Date: Sun, 26 Jun 2011 14:17:27 GMT
Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_python/3.3.1 Python/2.5.2 >mod_ssl/2.2.9 OpenSSL/0.9.8g PHP/5.3.3
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.mydomain.org/index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

http://www.mydomain.org/index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788
GET /index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788 HTTP/1.1
Host: www.mydomain.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Keep-Alive: 3600
DNT: 1
Connection: keep-alive
Referer: http://www.mydomain.org/index.php?page=890
Cookie: PHPSESSID=4bge5gg1rgkit78k3seqlfcbq2
Authorization: Basic aW52aXRlZEBjYW1hY2FzYTp5b3VybXlndWVzdEB0b2RheQ==

HTTP/1.1 302 Found
Date: Sun, 26 Jun 2011 14:19:59 GMT
Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 mod_fastcgi/2.4.6 mod_python/3.3.1 Python/2.5.2 >mod_ssl/2.2.9 OpenSSL/0.9.8g PHP/5.3.3 X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://www.mydomain.org/index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788&sid=4bge5gg1rgkit78k3seqlfcbq2&sidf=.ps_Z5wRio
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

EDIT2: Comparing both cases of request/responses (working/not working), I isolated the following 2 main differences among others :

On the "working" responses :
Status : 200 which I don't have on the "non working" reponse, but I do not understand why.

on the "NON Working" response :
DNT:1
which stands for the option Do Not Track (me) from FF4.
So I tried to deactivate this option, but same result.

I may miss sthg for sure. All looks as if the server was down. Maybe the session cookie (76 kb) is too big. I also tried downgrading firefox 4 to 3.6 as this another changed parameter, but I still get the same response with FF3.6 as FF4.

Improve this question
7
  • 1
    Can you use LiveHTTPHeaders (for Firefox) or something similar to look at the headers? Commented Jun 26, 2011 at 10:28
  • 1
    Sounds like an issue with domain names / DNS / VHosting. Have you got any aliases set up in the VM /etc/hosts file that need to be copied to the host machine? Does the host machine provide any DNS services to the VM which needs to be replaced when not working inside the VM? If the request from the host uses a different domain name, are you using name-based Apache VHosts, this might mean that requests from the host machine get routed to a different VHost config. Commented Jun 26, 2011 at 10:33
  • @Frits van Campen: Thx, that's what I was trying to achieve using firebug. I edited with the "blocking" headers. Commented Jun 26, 2011 at 14:35
  • @Robin: thx as this might be also another potential reason of that issue. the VM aliases are copied to the host and it works like a charm for other websites hosted in the same VM, that I can access from the host machine. And the current problem did not occur some days ago (same VM, same website, same host but code and apache changes) but I can't find why. Commented Jun 26, 2011 at 14:42
  • 1
    @hornetbzz: what's the network setup between this VM and the host machine? Bridged? Host-only? Internal? Etc? What IP(s) does the VM report using? In fact, what VM software are you using? Commented Jun 26, 2011 at 23:32

1 Answer 1

Reset to default
1

As you can see in the requests you posted you try to hit: http://www.mydomain.org/menus/noeud4.php but you get redirected to http://www.mydomain.org/index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788 and then again to https://www.mydomain.org/index.php?page=100&new_session=a4da9106dba2ffd40345a5eb624d7788&sid=4bge5gg1rgkit78k3seqlfcbq2&sidf=.ps_Z5wRio

Does it keep sending out 302 headers?

I'm guessing the noeud4.php script is some login script that will likely create a session and probably set some cookies. My guess would be to check if that is being done correctly - and figure out why it's throwing the 302.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

good guess : the form page_890 posts data to noeud4, that analyzes the data, initiate some cookies on the server. Then page_890 redirects to the form if they are non compliant data or to index if ok. Then index.php get sid and sidf cookies to keep the session for a next step switch to https if all the login conditions are satisfied : if yes, then the index redirects to himself but changing to https.
@Frits, @bob, @robin : Thx guys. Not sure what I did exactly, but it looks like changing 2 code blocks and enlightening the session cookie solved the point. This whole code is too sensitive, as there are still some issues. Next I'll use a framework ... I accept the answer as this helped me significantly in finding the why .
Note: I also deactivated mod_expire and mod_deflate in Apache.
@hornetbzz: cool. The cookie size you have is a red flag itself (even though not necessarily the cause), as it's 18x the normally accepted cookie size, and probably 10x the normally accepted http header size overall. Several Apache options are available to reduce or extend this accepted size (per field or overall), but 76k is generally still too much. Glad you got this solved though.
@bob: agreed. I need that for dvp purposes. I've reduced the size by 5 already.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.