Apache and mod_proxy not handling HTTP 100-continue from client HTTP 417

'm building some webby magic and am using Apache to front our tomcat server, forwarding requests to tomcat on port 8080. I have an issue using Apache a开发者_如何学运维nd mod_proxy to forward requests. It appears the client (a web application) sends an HTTP 100-continue to which Apache responds with a 417 Expectation Failed.

When I take Apache out of the picture and send requests directly to tomcat on port 8080, the request is successful and the client is sent a 200 OK.

My Apache config looks like:

ServerName abcproxy DocumentRoot /apps/apache-content/default

AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript text/xml

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

ExpiresActive on
ExpiresDefault "access 0 seconds"

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

        ProxyPreserveHost On

CustomLog /apps/ocp-logs/apache/abcproxy.log combined

Anyone see where i'm going wrong?

Apache has a known and unresolved issue with Expect headers, see bug 46709 and bug 47087.

The issue is that some clients set the Expect header and only send the request headers before a PUT or POST of data. This allows the server to respond to errors/redirects/security violations prior to the client sending the request body (PUT or POST data). This is a laudable goal, but apparently, the client does not wait until it gets a response and just pushes out the body of the request, which results in the 417 error.

If you have control over a .NET client you can use ServicePointManager.Expect100Continue Property set to false, to override this behavior.

If you only have control over the server, it looks like you can either force HTTP 1.0 for those clients (perhaps based on user agent string) or force unset the Expect header using mod_header early on in the request.

To remove the Expect header from the request early using mod_headers use this config directive:

<IfModule mod_headers.c>
RequestHeader unset Expect early
</IfModule>

This works because the client is not actually waiting for the "100 Continue" response and acting as if the Expect header were not set.

In our realy particular case, it was the proxy answering with 417. Then again, the deploy seemed to have ignored the nonProxyHosts settings. Effectively, we had run into this bug: https://github.com/mojohaus/jaxb2-maven-plugin/issues/60 thus jaxb2-maven-plugin mangled our proxy settings, and the proxy answered 417.

mvn clean deploy

failed. While

mvn deploy

worked. Best workaround I found (see issue linked above) was to use a different wagon which does not get broken by jaxb2-maven-plugin (version 2.4 still known to have this proxy bug):

<extensions>
    <extension>
        <groupId>org.apache.maven.wagon</groupId>
        <artifactId>wagon-http-lightweight</artifactId>
        <version>3.3.2</version>
    </extension>
</extensions>

I hit this 417 Expectation Failed error while configuring Ivanti cloud services (ITSM) with API integrations with Tufin SecureChange (firewall rule automation) running apache on the frontend. This patch solved my issues.