use_server_errors dropping headers


Frederik Nosi
Hi all,

after troubleshooting a problem with missing headers in an app response
I'm not sure if the behaviour that I'm seeing is a bug or the expected

My configuration is fairly simple:

httpd + mod_jk -> tomcat


(I know I'm not using current versions, no time for now to upgrade this
development server.)

This said,

The particular REST app, when called with certain parameters, replies with
a status code 401 and an additional custom header carrying an error
code, like this:

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: XXXXX
Date: Thu, 18 May 2017 11:17:10 GMT


When passing the request through httpd / mod_jk the custom headers are
dropped. When instead calling directly Tomcat we get all the reply headers.

Now, we're using the "use_server_errors=400" on our context definition
in, dropping or setting it > 401 we get the
custom headers.

The documentation for that parameter is (from

The extension use_server_errors allows to let the web server send an
error page, instead of the backend (e.g. Tomcat) error page. This is
useful, if one wants to send customized error pages, but those are not
part of all web applications. They can then be put onto the web server.

The value of use_server_errors is a positive number. Any request send to
the backend, that returns with an http status code bigger or equal to
use_server_errors, will be answered to the client with the error page of
the web server for this status code.

So no mention of headers; searching the HTTP RFCs on the 401 status code I
found no indication in this case either.

Searching around I found this:

It seems the header gets dropped here:

/* ========================================================================= */
/* JK Service step callbacks                                                 */
/* ========================================================================= */

static int JK_METHOD ws_start_response(jk_ws_service_t *s,
                                       int status,
                                       const char *reason,
                                       const char *const *header_names,
                                       const char *const *header_values,
                                       unsigned num_of_headers)
{
    unsigned h;
    apache_private_data_t *p = s->ws_private;
    request_rec *r = p->r;

    /* If we use proxy error pages, still pass
     * through context headers needed for special status codes.
     */
    if (s->extension.use_server_error_pages &&
        status >= s->extension.use_server_error_pages) {
        if (status == HTTP_UNAUTHORIZED) {
            int found = JK_FALSE;
            /* Only WWW-Authenticate is copied; every other backend header is skipped. */
            for (h = 0; h < num_of_headers; h++) {
                if (!strcasecmp(header_names[h], "WWW-Authenticate")) {
                    char *tmp = apr_pstrdup(r->pool, header_values[h]);
                    apr_table_set(r->err_headers_out,
                                  "WWW-Authenticate", tmp);
                    found = JK_TRUE;
                }
            }
            if (found == JK_FALSE) {
                jk_server_conf_t *xconf = (jk_server_conf_t *)
                    ap_get_module_config(r->server->module_config, &jk_module);
                jk_log(xconf->log, JK_LOG_INFO,
                       "origin server sent 401 without"
                       " WWW-Authenticate header");
            }
        }
        /* Return before the backend headers are copied to the response. */
        return JK_TRUE;
    }
    /* ... rest of ws_start_response() not quoted ... */
}


From how I read the code, in the 401 case you deliberately drop all but
the WWW-Authenticate header. I'm curious what's the reason behind this

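An added example, not part of the original post and not mod_jk code: a small check that compares a response head captured directly from Tomcat with one captured through httpd/mod_jk and lists the backend headers lost on the way, flagging whether the status falls at or above the use_server_errors threshold. Both captures, the X-Error-Code header name and value, and the function names are constructed for illustration.

```python
# Added example: compare a response captured directly from Tomcat with the one
# captured through httpd/mod_jk and list the headers lost on the way.
# Both captures and the X-Error-Code header are constructed sample data.

DIRECT = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Error-Code: 1234\r\n"
    "Content-Type: text/html;charset=ISO-8859-1\r\n"
    "Content-Length: 951\r\n"
    "Date: Thu, 18 May 2017 11:17:10 GMT\r\n\r\n"
)
PROXIED = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Date: Thu, 18 May 2017 11:17:10 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Length: 381\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
)

# Headers each hop sets for itself; a difference in these is not a dropped header.
HOP_OWNED = {"server", "date", "content-length", "content-type", "connection"}


def parse_head(raw):
    """Return (status_code, {lowercased-name: [values]}) for a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def dropped_headers(direct_raw, proxied_raw, use_server_errors=None):
    """List backend headers missing via the proxy, and whether the threshold applies."""
    status, direct = parse_head(direct_raw)
    _, proxied = parse_head(proxied_raw)
    missing = sorted(n for n in direct if n not in proxied and n not in HOP_OWNED)
    # Per the quoted documentation: status >= use_server_errors means httpd answers.
    replaced = use_server_errors is not None and status >= use_server_errors
    return {"status": status, "missing": missing, "server_error_page": replaced}


if __name__ == "__main__":
    print(dropped_headers(DIRECT, PROXIED, use_server_errors=400))
```

Run against real captures, a non-empty "missing" list together with "server_error_page": True points at the use_server_errors branch rather than at the application.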