Hi,

We have deployed Web Application Proxy in our DMZ to publish some services to the internet. This works fine with all our services except for one. This service responds with a redirect :

HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: no-store, no-cache
Pragma: no-cache
Expires: Tue, 05 Aug 2014 07:32:32 GMT
X-UA-Compatible: IE=Edge
Set-Cookie: JSESSIONID=D31478B944B1AF3331566EBFB03E4162; Path=/<serivce>/; HttpOnly
Location: http://<internal-serveraddress>:8080/<service>/login.do;jsessionid=D31478B944B1AF3331566EBFB03E4162
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Wed, 09 Sep 2015 07:32:32 GMT

This redirect is passed through the proxy to the client on the outside. The problem is that the WAP server URLEncodes the Location and Set-Cookie response. So that the client tries to reach the following address when it responds to the redirect response :

https://<extranal server>/<service>/login.do%3Bjsessionid%3DD31478B944B1AF3331566EBFB03E4162

This address is not a valid URL for the web server. 

As far as I can tell this look like a bug in the WAP server, or is this someting that could be configured to behave differently ?.

/Trond Tunheim

Hi Trond,

Does the URL contains a space?

If yes, we need to use "%20" to replace the space. Because WAP could not complie the space in url.

If you suppose it is a bug, I suggest you open a case with Microsoft. If it is proved as a bug, your fund would be refunded.

Here is the link:
https://support.microsoft.com/en-us/gp/support-options-for-business

Best Regards,

Leo

Hi Leo,

The URL does not contain spaces , as you can see in the redirect response from the inside server : http://<internal-serveraddress>:8080/<service>/login.do;jsessionid=D31478B944B1AF3331566EBFB03E4162

The only special characters are ";" and "=" , those should not be URLencoded when passed to the outside client.

If there are no way of configuring this in WAP then I have to report this as a bug. In my opinion redirect responses with ";" and "=" should not be URLencoded through WAP.

/Trond

Hi Trond,

Are you using Apache? I found that ; may be URLencoded as %3B by Apache under some circumstances.

If yes, we may try to contact Apache support for help.

Here is the link:
http://httpd.apache.org/support.html

Best Regards,

Leo

Hi Leo,

Yes, the inside server is Apache. The thing that puzzels me is that the repsonse from the Apache server is a correctly formated 302 response with redirect. But when the WAP server passes that response to the outside machine it URLencodes the "Location" part of the HTTP redirect packet. 

Did some Wireshark captures on the Wap server, and then I see that the data coming in from the Apache server is fine ;

HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: no-store, no-cache
Pragma: no-cache
Expires: Thu, 07 Aug 2014 09:37:38 GMT
X-UA-Compatible: IE=Edge
Set-Cookie: JSESSIONID=17E1E6B8EC3332A18F048D17CF52E091; Path=/<service>/; HttpOnly
Location: http://<inside server>:8080/<service>/login.do;jsessionid=17E1E6B8EC3332A18F048D17CF52E091
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Fri, 11 Sep 2015 09:37:38 GMT
 

When leaving the WAP to the outside client it becomes : 

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Length: 0
Content-Type: text/html;charset=UTF-8
Expires: Thu, 07 Aug 2014 09:37:38 GMT
Location: https://<outside server>/<service>/login.do%3Bjsessionid%3D17E1E6B8EC3332A18F048D17CF52E091
Server: Apache-Coyote/1.1 Microsoft-HTTPAPI/2.0
Set-Cookie: JSESSIONID=17E1E6B8EC3332A18F048D17CF52E091; Path=/<service>/; HttpOnly
X-UA-Compatible: IE=Edge
Date: Fri, 11 Sep 2015 09:37:38 GMT

In my mind this points to that the WAP is doing something it shouldn't do to the data.

/Trond 

Hi Trond,

As far as I know, it is a behavior of URL encoding.

Since URLs often contain characters outside the ASCII set, the URL has to be converted into a valid ASCII format. URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits.

; equals %3B. = equals %3D.

Best Regards,

Leo