Hybris ERR_TOO_MANY_REDIRECTS with Apache AJP proxy?

Problem statement:

We have set up Apache as the reverse proxy using mod_proxy_ajp. When we access any Product or Category having "+" in its name, we get an ERR_TOO_MANY_REDIRECTS error.

Solution:

The way Apache handles "+" causes a redirection loop. You can add "nocanon" to your AJP directives to resolve this. You are then free to use the "+" character in the product name.
...
<VirtualHost *:443>
        ...
        ProxyPass       /       ajp://localhost:8009/ nocanon
</VirtualHost>
...  




Allow slash [will not work with Hybris]

If you also want to allow a slash "\", configure the proxy server to pass the request URL without decoding the slash. See the configuration below, which uses AllowEncodedSlashes NoDecode:
<VirtualHost *:443>
        ...
        AllowEncodedSlashes NoDecode
        ProxyPass       /       ajp://localhost:8009/ nocanon
</VirtualHost>


ProxyPass Keywords nocanon

Normally, mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon keyword suppresses this and passes the URL path "raw" to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.


AllowEncodedSlashes Directive

The AllowEncodedSlashes directive allows URLs which contain encoded path separators (%2F for / and additionally %5C for \ on accordant systems) to be used in the path info.
With the default value, Off, such URLs are refused with a 404 (Not found) error.
With the value On, such URLs are accepted, and encoded slashes are decoded like all other encoded characters.
With the value NoDecode, such URLs are accepted, but encoded slashes are not decoded but left in their encoded state.
Turning AllowEncodedSlashes On is mostly useful when used in conjunction with PATH_INFO.

Note

If encoded slashes are needed in path info, use of NoDecode is strongly recommended as a security measure. Allowing slashes to be decoded could potentially allow unsafe paths.
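
The three AllowEncodedSlashes values described above, as an added example that is not part of the original post or of Apache's code. It is a simplified Python model of the documented behaviour; the sample path and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

MODES = ("Off", "On", "NoDecode")
# Constructed sample: a product name "AC/DC+Adapter" percent-encoded into one segment.
SAMPLE = "/shop/AC%2FDC%2BAdapter/p/1001"


def apply_allow_encoded_slashes(raw_path, mode="Off", backslash_is_separator=False):
    """Return (status, decoded_path) for a raw request path under one mode.

    Simplified model of the documented behaviour, not Apache's implementation.
    %5C counts as a separator only when backslash_is_separator is True.
    """
    if mode not in MODES:
        raise ValueError("mode must be one of %s" % (MODES,))
    codes = "2f|5c" if backslash_is_separator else "2f"
    sep = re.compile("(%(?:" + codes + "))", re.IGNORECASE)
    if not sep.search(raw_path):
        return 200, unquote(raw_path)      # nothing special to decide
    if mode == "Off":
        return 404, None                   # refused outright
    if mode == "On":
        return 200, unquote(raw_path)      # separators decoded like everything else
    # NoDecode: split() keeps the captured separators at odd indexes; leave those
    # untouched and decode only the text between them.
    pieces = sep.split(raw_path)
    return 200, "".join(p if i % 2 else unquote(p) for i, p in enumerate(pieces))


def segments(path):
    """Path segments as a backend router would see them after splitting on '/'."""
    return [s for s in path.split("/") if s]


if __name__ == "__main__":
    for mode in MODES:
        status, path = apply_allow_encoded_slashes(SAMPLE, mode)
        print(mode, status, path, segments(path) if path else [])
```

With On, the single product-name segment turns into two path segments before the backend sees it; with NoDecode it stays one segment, which is why the documentation recommends NoDecode.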



Ankitkumar Patel
