Cache issues

Jamon Camisso jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Fri May 10 01:18:21 UTC 2013


On 09/05/13 06:18 PM, William Muriithi wrote:
> Evening
> 
> Early this week, I redirected traffic going to port 80 and 443 to port
> 8080 and 8443. This is to get jboss running without root permission.
> All seemed to work fine, but had to reverse it this morning. The
> problem is, it looks like jboss is sending the browser URL with port
> 8443 embedded. This means we have to open port 8443 on the external
> firewall for it to work.  I had missed this during testing as I only
> accessed it from the office.
> 
> 
> Now the problem is, even after reverting the change above, the browser
> seems to be hitting port 8443.  I have got them to clear the browser
> cache but the problem seems not to go away.  We don't use proxy, so I
> have run out of ideas on what I am observing.
> 
> Anyone seen this before? Or rather, would know how the browsers are still
> hitting port 8443 randomly?

Smells like a NAT rule somewhere to me. Can you capture a tcpdump of
*all* traffic to and from a known misbehaving host? From the first SYN
packet. It will be an issue seeing the traffic on port 8443, but by that
point in the session the redirection should be evident somewhere, either
in plain HTTP traffic if it is the browser/server, or in your firewall
rules.

It could also be a browser caching HSTS, but I'm not sure JBoss has that
capability.

Last thing you could try, and I suggest running any Java app server like
this: put an nginx or Apache in front of your servlet container. It
gives you a huge amount of flexibility, is way easier to configure, lets
you bind your webserver to ports 80 and 443, and you don't have to
handle SSL in your container.

Cheers, Jamon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
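
Added example, not part of the original thread: a Python sketch of the check suggested in the reply above, scanning HTTP response heads taken from a capture for redirects that embed a non-default port (such as 8443) and for HSTS headers. The capture text, the hostname app.example.org and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: response heads as they might be exported from a capture.
SAMPLE_CAPTURE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://app.example.org:8443/login\r\n"
    "Content-Length: 0\r\n\r\n"
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://app.example.org/portal\r\n\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Type: text/html\r\n\r\n"
)

def parse_heads(capture):
    """Split a text capture into (status_code, headers) per response head."""
    heads = []
    for block in re.split(r"\r?\n\r?\n", capture.strip()):
        lines = block.splitlines()
        m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0]) if lines else None
        if not m:
            continue  # body bytes or noise, not a response head
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        heads.append((int(m.group(1)), headers))
    return heads

def find_port_leaks(capture):
    """Report redirects to an explicit non-default port, and HSTS headers."""
    findings = []
    for index, (status, headers) in enumerate(parse_heads(capture)):
        location = headers.get("location")
        if 300 <= status < 400 and location:
            try:
                url = urlsplit(location)
                port = url.port
            except ValueError:  # malformed URL or port in Location
                port = None
            if port and port != DEFAULT_PORTS.get(url.scheme):
                findings.append((index, "redirect-port", f"{status} -> {location}"))
        if "strict-transport-security" in headers:
            findings.append((index, "hsts", headers["strict-transport-security"]))
    return findings
```

Each finding carries the index of the response in the capture, so the first hop that hands the browser an explicit port can be matched back to the server or rule that produced it.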




