When POSTing (or GETting) certain simple text values to our Struts2 (2.3.15.2) application when proxied by Apache HTTP server, we are getting a "The connection was reset" message within the browser (reported by Firebug as an Aborted request). It appears the server is never contacted at all (there are no entries in apache's access/error logs for the failed request).
The strange thing is that only certain string values trigger this error. We've found that the following key words: control, find, services when combined with any of the following symbols: "';<>|' cause the error. For example, the value control; results in an error but not test;.
Or a more complex example:
string containing the word find and a special character like >
Causes error but not:
string containing the word notfind and a special character like >
When we access the application via tomcat directly, we do not run into this problem.
We've deployed a simple struts2 java web application containing the most basic of views/controllers in an attempt to isolate the problem we are running into. Here's the view:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<form action="test.action" method="post">
Value: <textarea type="text" name="value"></textarea> <input type="submit"/>
</form>
<hr/>
Value is: ${value}
</body>
</html>
And the action:
public class TestAction {
private String value;
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public String execute() {
return "success";
}
}
We are running Apache/2.2.10 (Linux/SUSE) with mod_proxy and mod_proxy_ajp. Tomcat version is 6.0.18. Here's the configuration:
ProxyPass /ConnectionResetTestApp ajp://localhost:8009/ConnectionResetTestApp
Using mod_proxy_http with the following configuration produces the same broken behavior:
ProxyPass /ConnectionResetTestApp http://localhost:8080/ConnectionResetTestApp
ProxyPassReverse /ConnectionResetTestApp http://localhost:8080/ConnectionResetTestApp
This example application can be tested out at: http://post.idaho.gov/ConnectionResetTestApp/
Any ideas on why this is happening and how we can prevent this type of error?
The answer was posted in the comments, so I will just write what process I followed to help you.
From the description of the problem (connection lost when a request contains some specific strings), there could be several causes :
The fact that you tested directly on tomcat implies (almost) that Struts and Tomcat are not the cause. It could be the Tomcat AJP connector, hence my question about mod_proxy_http. Then, thanks to your test app, I saw that a simple request which does not even get to the tomcat get rejected the same way (http://post.idaho.gov/gsgd?gdf=find%3E) so tomcat out.
The fact that there is no line in error_log or access_log implies the request doesn't even get to apache, so there is something before in the network. As Apache is directly public, there must be some firewall rule blocking all tcp packet on port 80 containing those strings.