Missing Header

Not applicable

I have 5 Machine cluster setup and have 1 org, 2 environments (dev & sit), 2Keystores, & 2 VHosts on different ports. I have one SSL Certificate that has Common Name: dev.api.... and SANs: sit.api..., uat.api..., etc. that has been used for both keystores

When I deploy to dev, everything is fine. I can make the call and get an appropriate response. However, when I try to use the other environment, sit, (which has a VHost Alias that matches one of the SANs) I get an

{ "fault": { "faultstring": "Unknown target sit.api...", "detail": { "code": "UNKNOWN_TARGET" } } }.

In the router logs I see this:

2015-06-22 13:51:48,340 Router-ServerThread-0 ERROR Request-processor - ValidateHostHeader.process() : Message Id:va10n40115.wellpoint.com_BThxRNO0_RouterProxy-8-533_1 Missing host header

However, I have tried accessing the API by manually specifying the host when I access sit, but it does not make difference.

Please let me know if you have any ideas

0 9 1,146
9 REPLIES 9

just to clarify, you have 1 VH for each environment and 1 keystore for each environment, correct?

Your VH alias for dev env is 'dev.api..' and VH alias for sit is 'sit.api..', but each VH is listening on different port [Pdev, Psit], correct?

Assuming 'yes', to both the questions above,

1) check if you proxy is deployed in both the environments

2) Error indicates, either client is missing the host header or Router is not able to classify the request for 'sit.api..'

So, make sure you are calling with correct ports -> dev.api..:Pdev and sit.api..:Psit

3) try with Curl -> curl -v 'sit.api..:Psit' -H 'Host: sit.api..'

4) check in your management server,

/v1/o/{orgname}/e/dev|sit/deployments to make sure there are no deployment errors

If all fails, then we need to debug further - but i hope we should have some clues with the above 4 steps

Yes to your first 2 questions.

1) I've tried it with both deployed & only one deployed. Doesn't matter, dev works and SIT doesnt 2) Correct ports are being used, classification tree from router has correct condition 3) That is how I tried setting the host manually, did not work. 4) There are no deployment errors.

Also, I was just doing a tail -f of the router log. It seems to throw the "Missing host header" error for most messages, not just those going to sit.

ok whats the error response code, is it 404 or 500 or 503?

in 5 host, i guess you have 2 routers/MP - can you also check MP logs just to see if it reaches the MP and there are any errors? what version of the OPDK you have? can you try restarting the Router/MP on both machines?

The error response code is 404.

> GET /v1/path/stuff/here HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: sit.api..
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: application/json; charset=UTF-8
< Content-Length: 99
< Set-Cookie: ant=!6gH48At7ag80+TFnbMVu8XMGdq38gazzE5JxDDls7DH3lBZ/OMdfBbNxs1UMH4Imlw5hyc6zQTK5ArQ=; path=/
<
* Connection #0 to host sit.api... left intact
* Closing connection #0
{"fault":{"faultstring":"Unknown target sit.api...","detail":{"code":"UNKNOWN_TARGET"}}}

Yes, I have 2 RMP nodes.

It appears it doesnt actually get to the MP node, so nothing shows up in the log.

OPDK: 4.15.04.00

I have tried restarting all of the servers and it is still failing.

Ok, this is clearly a deployment error or an error in router that is preventing it to classify this request correctly

1) can you pls post what you see for /v1/o/orgname/e/sit/virtualhosts/{vhostname}

The hostalias shown here should be a exact match for the Host name header in the client request

2) are u using SSL/2-way ssl? in that case, can you disable it at the VH and just test the http flow -- we could atleast rule out if its SSL related config error

The host aliases do match.

{
  "hostAliases": [
    "sit.api...."
  ],
  "interfaces": [],
  "name": "secure",
  "port": "9442",
  "sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": false,
    "enabled": true,
    "ignoreValidationErrors": false,
    "keyAlias": "sitApiKey",
    "keyStore": "sitKeystore",
    "protocols": []
  }
}

I am using SSL, but not 2-way SSL. And I have just tried it by disabling SSL on the Vhost, to no avail.

I feel like the error is very much tied to the original error message from the Router I posted, I just don't know why it thinks the header is missing, when the host header is clearly being sent with it.

one more thing i would like to verify is the following URL

/v1/o/orgname/e/{env}/servers

can you try this and see if you get the both the servers for both dev and sit?

If not, it could be a provisioning issue -

else, I would recommend creating a support ticket, it would be easier to debug this further over a call

Thanks,

ok, I do see both servers. Thanks for your help, I have opened a support ticket

adas
Participant V

@rj.walsh

Does your api calls works when you send the host header as "host: {hostAlias}:{port}". I am guessing you have the same proxy deployed to both the environments and only one of them works and the other doesn't. Can you post the exact virtualhost definition for both the environments. You can email me at adas@apigee.com if you don't want to post the virtualhost definition on a public forum.

You can also send the classification tree output. It looks to me as if the router is not able to classify the request correctly since there's some conflict in the classification tree. What's your OPDK version, btw ?