Apache 2.4 proxy (listening to port 443, over ssl cert.) connection is dropping doctype, whereas proxy over non-ssl works as expected

Question

I am trying to understand why my Apache 2.4 proxy is dropping the <!doctype html> declaration, when connecting over an SSL connection (port 443), but not -- when connecting over any other port.

I have Apache proxy to an internal IIS server. When calling this page over http I get the exact same code from Apache as when calling it directly from IIS. This is the page:

<!doctype html>
<html>
   <head>
     <meta charset="UTF-8">
     <title>Example document</title>
   </head>
   <body>
     <p>Example paragraph</p>
   </body>
</html>

However, if I connect via https Apache drops the <!doctype html> declaration and drops the <header> tag, but not the content; and adds a mysterious empty <p> </p> brackets. This is what I get in return:

<html><body><p>

    </p>
      <meta charset="UTF-8">
      <title>Example document</title>

      <p>Example paragraph</p>

</body></html>

I tried adding ProxyHTMLDocType "<!DOCTYPE html>" and/or ProxyHTMLDocType html5 to the httpd-ssl.conf file -- with no effect. (Naturally, I restarted Apache after making the changes.)

More Info

Apache access.log

1.2.3.4 - - [02/Apr/2017:11:58:00 -0700] "GET /test.html HTTP/1.1" 200 151

Requesting page directly from IIS by doing http://192.168.1.200:8089/file.html returns as expected <!doctype html>.... The same it true if requesting the page over http://example.com:8082/file.html. But, strangely calling it like this: https://example.com/file.html <!doctype html> gets dropped. (See above...)

I am using Apache 2.4

IIS is listening :8089

Apache listening :80 :8082 and :443

Apache 2.4 httpd.conf

<VirtualHost *:8082>
    ServerName www.example.net:8082
    ServerName example.net:8082
    <IfModule mod_proxy.c>    
        ProxyRequests Off
        ProxyPass        /  http://192.168.1.200:8089/
        ProxyPassReverse /  http://192.168.1.200:8089/
    </IfModule>
</VirtualHost>

Apache 2.4 httpd-ssl.conf file

<VirtualHost www.example.net:443>
    ServerName www.example.net
    <IfModule mod_proxy.c>    
        ProxyRequests Off
        ProxyPass        /  http://192.168.1.200:8082/
        ProxyPassReverse /  http://192.168.1.200:8082/
        ...
    </IfModule>


    #  --------------------------------------------------
    #  If I remove this section it works as expected, but
    #  the page returned includes links that are not rewritten:
    #  http://192.168.1.200:8082 gets not rewritten to
    #  https://www.example.net/ 
    #
    #  this part rewrites the links but drops the DocType
    #  

        <Proxy "http://192.168.1.200:8089">
            ProxyHTMLEnable  on
            ProxyHTMLExtended on
            ProxyHTMLMeta On
            ProxyHTMLURLMap http://192.168.1.200:8082 https://www.example.net/
        </Proxy>
    #  --------------------------------------------------

</VirtualHost>

More Info no. 2

I discovered that there is an error being recorded during in error_SSL.log if calling

[Mon Apr 03 18:51:32.821700 2017] [xml2enc:error] [pid 11008:tid 1736] [client 1.2.3.4:4961] AH01435: Charset ISO-8859-1 not supported.  Consider aliasing it?
[Mon Apr 03 18:51:32.821700 2017] [xml2enc:warn] [pid 11008:tid 1736] [client 1.2.3.4:4961] AH01436: No usable charset information; using configuration default

I added in IIS 10 Manager default HTTP Response Header a new entry of the type name:Content-Type value:charset=uft-8 just to be double sure that Apache is getting from IIS charset uft-8 and not charset ISO-8859-1. I also added ProxyHTMLCharsetOut UTF-8 to the proxy. So now it reads

<Proxy "http://192.168.1.200:8089">
    ProxyHTMLEnable On
    ProxyHTMLExtended On
    ProxyHTMLMeta On        
    ProxyHTMLCharsetOut UTF-8

    #                find                      replace_with
    ProxyHTMLURLMap  http://192.168.1.105:8082 https://example.com/site1
    ProxyHTMLURLMap  http://192.168.1.105:8083 https://example.com/site2
    ProxyHTMLURLMap  http://192.168.1.105:8084 https://example.com/site3
</Proxy>

I personally can't quite see how apache would be causing this, but it might be of some help if you could post the relevant apache config, and maybe provide some background on how IIS is set up. Can you replicate the 'modified' output by querying IIS directly? Are there any IIS or Apache logs you can share for the two 'types' of responses? What version of apache are you using? — iwaseatenbyagrue, Apr 01 '17 at 09:14
@iwaseatenbyagrue ... doing more research I found the section in the config that is causing the problem. See above, under **More Info** newly added info. Now I need to find another way to rewrite the Links of the pages served by the proxy. — MeSo2, Apr 03 '17 at 00:58

score 0 · Answer 1 · answered Apr 03 '17 at 19:44

I suspect your issue is:

<Proxy "http://192.168.1.200:8089">
        ProxyHTMLEnable  on
        ProxyHTMLExtended on
        ProxyHTMLMeta On
        ProxyHTMLURLMap http://192.168.1.200:8082 https://www.example.net/
</Proxy>

Which I think should read:

<Proxy "http://192.168.1.200:8089">
        ProxyHTMLEnable  on
        ProxyHTMLExtended on
        ProxyHTMLMeta On
        ProxyHTMLURLMap http://192.168.1.200:8082/ /
</Proxy>

Could you possible rewrite httpd-ssl.conf as:

<VirtualHost www.example.net:443>
    ServerName www.example.net
    <IfModule mod_proxy.c>    
        ProxyRequests Off
        ProxyPass        /  http://192.168.1.200:8089/
        ProxyPassReverse /  http://192.168.1.200:8089/
        ...
    </IfModule>

And avoid passing through your :8082 proxy? Or is that doing something else to the requests?

You might also find some help in ProxyHTMLURLMap not working in apache2.4

iwaseatenbyagrue Thank you for hanging in there with me... I added More Info no. 2. Noticed it needed an Apache restart for an error to be written to the log file. Unfortunately your suggestion would not work as I am using ports to direct to different website versions. I could open up one more listen in IIS and try to sole it like that. Nonetheless, I checked the dummy page in http://validator.w3.org and get **BOM found in content** something is just fishy. — MeSo2, Apr 04 '17 at 02:15
to your suggested link [ProxyHTMLURLMap not working in apache2.4] -- I removed the proxy_html.conf file all together some time ago thinking it would interfere with the migration to Apache 2.4. Do you suggest loading it? The suggested `ProxyHTMLURLMap http://192.168.1.200:8082/ /` removes the host all together, which is not working. — MeSo2, Apr 04 '17 at 02:25

Apache 2.4 proxy (listening to port 443, over ssl cert.) connection is dropping doctype, whereas proxy over non-ssl works as expected

More Info

More Info no. 2

1 Answers1