Search code examples
apachemod-rewritereverse-proxymod-proxymod-headers

Removing duplicate headers from HTTP requests


I am using an Apache 2.4 server with mod_proxy as an HTTP reverse proxy for Tomcat server. The reverse proxy works on a Split-DNS configuration where "server.com" might point either to the actual HTTP server or to my reverse proxy depending on where the client is.

The problem that I'm having is that our client application had a problem where sometimes it would include an header more than once. For example, an HTTP request could end up looking like this:

POST server.com HTTP/1.1
Some-Header: foo
Authorization: BASIC abc123
Authorization: BASIC abc123
Other-Headers: ...

This works fine if the client is talking directly to Tomcat but if it goes through the reverse proxy then the duplicated headers seem to get mangled and Tomcat ends up receiving a request that looks like this:

POST server.com HTTP/1.1
Some-Header: foo
Authorization: BASIC abc123, BASIC abc123
Other-Headers: ...

I used Wireshark to inspect the HTTP requests as they are sent/received in the Client->Proxy->Tomcat chain and Apache is definitely the component that is "collapsing" the two headers into one.

Is there a way to configure this behavior in a way where it either sends both headers or just one? What I don't want is this "collapsing" taking place...


Solution

  • You can use mod_headers to remove the duplicate header. See their official docs for information on how to enable it.

    Then you can add a line like this to your configuration file so that the first part of header disappears:

    RequestHeader edit Authorization "^BASIC\ abc123\\,\ " ""
    

    Let me know if that works for you.