Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

URLRewrite filter not working with multipart form

I am using tuckey URLRewrite filter having one of its rules as follows:

<rule>
    <name> Proxy  URL with jession ID's </name>
    <note>

    </note>
    <condition type="parameter" name="ParamName">[\p{ASCII}]+</condition>
    <from>^/([^?]*)\.htm(.*)$</from>
    <to type="proxy">%{request-url};jsessionid=%{parameter:ParamName}$2</to>
</rule>

The problem arises as soon as I add enctype="multipart/form-data" to my form (which uses POST method btw). The filter is unable to rewrite url.

Any ideas how to solve this issue?

like image 518
Funky coder Avatar asked Nov 13 '22 15:11

Funky coder


1 Answers

If you can change the source of the application you could modify it so that you can use the "parameter" method of extracting the JSESSIONID. By default (at least on Tomcat) the JSESSIONID will not be passed in the form post but you could modify your form to include it. For example a JSP page might look like this:

<form action="index.jsp" method="post">
    <input type="hidden" name="JSESSIONID" value="${pageContext.session.id}"/>
    <input type="submit"/>
</form>

Alternatively you could try and fetch the JSESSIONID from the session cookie using a different condition. I have not tried the following but imagine something like it could work for you:

<rule>
    <name>Proxy URL with jsession ID's</name>
    <note></note>
    <condition type="cookie" name="JSESSIONID"/>
    <from>^/([^?]*)\.htm(.*)$</from>
    <to type="proxy">%{request-url};jsessionid=%{cookie:JSESSIONID}$2</to>
</rule>

There are other conditions you could potentially use to check whether the session id was valid (requested-session-id-valid), originated from a cookie (requested-session-id-from-cookie) or originated from the URL of the post action (requested-session-id-from-url).

I'm not sure which version of UrlRewriteFilter you are using but if you look at the "Permanently redirect incoming URLs containing jsessionid." example at the following URL you will see that the JSESSIONID is not a parameter like other POST/GET parameters are.

http://urlrewritefilter.googlecode.com/svn/trunk/src/doc/manual/3.2/guide.html

I can highly recommend using the Firefox/Firebug together to examine your POST request and headers so you get an idea for exactly what is being passed. (I'm sure there are other similar tools that do this too, Fiddler 2 etc.).

like image 141
Mark McLaren Avatar answered Dec 06 '22 03:12

Mark McLaren