8 Replies Latest reply on Jun 26, 2012 6:46 PM by Udo

    Errornotification message checksum content error

    AndyPol
      Hi,

      The problem is - if a wrong user name or password is supplied, apex throws a strange error -

      Contact your application administrator.
      Error     notification message checksum content error: C53F0B90C7CA15BF701E5AC623A579BE
      OK     

      But URL has notification error message - https://host/apex/f?p=800:101:914565140300946:&notification_msg=Invalid%20Login%20Credentials/858CAE75D64C062356B42548E99769A2/

      When I login without SSL everything work OK.

      My architecture is:
      CentOS (5.6) -> Oracle 11g SEO -> OC4J -> APEX Listener -> Apache Revers Proxy (with SSL)


      Can you please help me in fixing this error?
        • 1. Re: Errornotification message checksum content error
          Udo
          Hi Andy,

          which locales do proxy and OC4J use? And do you use APEX in a translated version or in English? Any special characters have to be treated correctly by each component on the way. Since your proxy needs to rebuild the request in the SSL case, it could happen that the request to OC4J gets some unsupported encoding. Do you see similar errors in other situations, e.g. other notifications in APEX?
          And just to make the picture complete, which APEX and APEX Listener versions do you use?

          -Udo
          • 2. Re: Errornotification message checksum content error
            AndyPol
            Hi Again

            I use Apex 4.0.2.00.07 English ver.
            APEX Listener ver. 1.1.1.104.21.28

            Incorrect login return Error     notification message checksum content error
            I notice, after correct login no Notification Messages (without error) only in URL I can read messages.

            URL Messages are specific
            ...&success_msg=Region%2520Updated.%2520Report%2520attributes%2520
            but I think it can be
            ...&success_msg=Region%20Updated.%20Report%20attributes%20
            This is couse of checksum error in login error.

            It look like reprocess URL %20 changed to %2520.

            I don't know How can I check Locale in Apache and OC4J, can you help ?
            • 3. Re: Errornotification message checksum content error
              Udo
              Hi Andy,
              APEX Listener ver. 1.1.1.104.21.28
              Though I don't think this is the issue here, you could update your APEX Listener to the current release (1.1.2.131.15.23).
              URL Messages are specific
              ...&success_msg=Region%2520Updated.%2520Report%2520attributes%2520
              Obviously there happens some double URL encoding: *%25* is the code for a *%*

              Do you have any additional URL encoding rule on the proxy?
              I don't know How can I check Locale in Apache and OC4J, can you help ?
              First, you could display the current locale setting by executing
              locale
              and review additional settings with
              env | grep -E "LC|NLS"
              Especially for the OC4J, you can also check if some special JVM-arguments have been set by executing
              echo $OC4J_JVM_ARGS
              There is a bunch of other locations to configure NLS parameters.

              A nice guide on this is included in the [url http://download.oracle.com/docs/cd/B32110_01/core.1013/b31263/iasconfig.htm#BHCEECHI]OAS Globalization Guide, which covers both the OHS (pretty close to Apache HTTPD) and OC4J parts of that scenario.

              -Udo
              • 4. Re: Errornotification message checksum content error
                AndyPol
                Hi

                []# locale
                every row exclude LC_ALL contain the same value = "pl_PL.UTF-8"
                LC_ALL have not value:
                LC_ALL=


                []# env | grep -E "LC|NLS"
                nothing

                []# echo $OC4J_JVM_ARGS
                nothing



                My http.conf file:
                ---------------------------------------------------------------------------------

                ServerTokens OS


                ServerRoot "/etc/httpd"

                PidFile run/httpd.pid


                Timeout 120


                KeepAlive Off


                MaxKeepAliveRequests 100

                #
                # KeepAliveTimeout: Number of seconds to wait for the next request from the
                # same client on the same connection.
                #
                KeepAliveTimeout 15


                <IfModule prefork.c>
                StartServers 8
                MinSpareServers 5
                MaxSpareServers 20
                ServerLimit 256
                MaxClients 256
                MaxRequestsPerChild 4000
                </IfModule>


                <IfModule worker.c>
                StartServers 2
                MaxClients 150
                MinSpareThreads 25
                MaxSpareThreads 75
                ThreadsPerChild 25
                MaxRequestsPerChild 0
                </IfModule>


                Listen 80


                LoadModule auth_basic_module modules/mod_auth_basic.so
                LoadModule auth_digest_module modules/mod_auth_digest.so
                LoadModule authn_file_module modules/mod_authn_file.so
                LoadModule authn_alias_module modules/mod_authn_alias.so
                LoadModule authn_anon_module modules/mod_authn_anon.so
                LoadModule authn_dbm_module modules/mod_authn_dbm.so
                LoadModule authn_default_module modules/mod_authn_default.so
                LoadModule authz_host_module modules/mod_authz_host.so
                LoadModule authz_user_module modules/mod_authz_user.so
                LoadModule authz_owner_module modules/mod_authz_owner.so
                LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
                LoadModule authz_dbm_module modules/mod_authz_dbm.so
                LoadModule authz_default_module modules/mod_authz_default.so
                LoadModule ldap_module modules/mod_ldap.so
                LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
                LoadModule include_module modules/mod_include.so
                LoadModule log_config_module modules/mod_log_config.so
                LoadModule logio_module modules/mod_logio.so
                LoadModule env_module modules/mod_env.so
                LoadModule ext_filter_module modules/mod_ext_filter.so
                LoadModule mime_magic_module modules/mod_mime_magic.so
                LoadModule expires_module modules/mod_expires.so
                LoadModule deflate_module modules/mod_deflate.so
                LoadModule headers_module modules/mod_headers.so
                LoadModule usertrack_module modules/mod_usertrack.so
                LoadModule setenvif_module modules/mod_setenvif.so
                LoadModule mime_module modules/mod_mime.so
                LoadModule dav_module modules/mod_dav.so
                LoadModule status_module modules/mod_status.so
                LoadModule autoindex_module modules/mod_autoindex.so
                LoadModule info_module modules/mod_info.so
                LoadModule dav_fs_module modules/mod_dav_fs.so
                LoadModule vhost_alias_module modules/mod_vhost_alias.so
                LoadModule negotiation_module modules/mod_negotiation.so
                LoadModule dir_module modules/mod_dir.so
                LoadModule actions_module modules/mod_actions.so
                LoadModule speling_module modules/mod_speling.so
                LoadModule userdir_module modules/mod_userdir.so
                LoadModule alias_module modules/mod_alias.so
                LoadModule rewrite_module modules/mod_rewrite.so
                LoadModule proxy_module modules/mod_proxy.so
                LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
                LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
                LoadModule proxy_http_module modules/mod_proxy_http.so
                LoadModule proxy_connect_module modules/mod_proxy_connect.so
                LoadModule cache_module modules/mod_cache.so
                LoadModule suexec_module modules/mod_suexec.so
                LoadModule disk_cache_module modules/mod_disk_cache.so
                LoadModule file_cache_module modules/mod_file_cache.so
                LoadModule mem_cache_module modules/mod_mem_cache.so
                LoadModule cgi_module modules/mod_cgi.so
                LoadModule version_module modules/mod_version.so



                #
                # Load config files from the config directory "/etc/httpd/conf.d".
                #
                Include conf.d/*.conf


                User apache
                Group apache


                ServerAdmin root@localhost


                UseCanonicalName Off

                DocumentRoot "/var/www/html"

                <Directory />
                Options FollowSymLinks
                AllowOverride None
                </Directory>

                <Directory "/var/www/html">

                #
                # Possible values for the Options directive are "None", "All",
                # or any combination of:
                # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
                #
                # Note that "MultiViews" must be named explicitly --- "Options All"
                # doesn't give it to you.
                #
                # The Options directive is both complicated and important. Please see
                # http://httpd.apache.org/docs/2.2/mod/core.html#options
                # for more information.
                #
                Options Indexes FollowSymLinks

                #
                # AllowOverride controls what directives may be placed in .htaccess files.
                # It can be "All", "None", or any combination of the keywords:
                # Options FileInfo AuthConfig Limit
                #
                AllowOverride None

                #
                # Controls who can get stuff from this server.
                #
                Order allow,deny
                Allow from all

                </Directory>


                <IfModule mod_userdir.c>
                #
                # UserDir is disabled by default since it can confirm the presence
                # of a username on the system (depending on home directory
                # permissions).
                #
                UserDir disable

                #
                # To enable requests to /~user/ to serve the user's public_html
                # directory, remove the "UserDir disable" line above, and uncomment
                # the following line instead:
                #
                #UserDir public_html

                </IfModule>


                DirectoryIndex index.html index.html.var

                #
                # AccessFileName: The name of the file to look for in each directory
                # for additional configuration directives. See also the AllowOverride
                # directive.
                #
                AccessFileName .htaccess

                #
                # The following lines prevent .htaccess and .htpasswd files from being
                # viewed by Web clients.
                #
                <Files ~ "^\.ht">
                Order allow,deny
                Deny from all
                </Files>

                #
                # TypesConfig describes where the mime.types file (or equivalent) is
                # to be found.
                #
                TypesConfig /etc/mime.types

                DefaultType text/plain

                <IfModule mod_mime_magic.c>
                # MIMEMagicFile /usr/share/magic.mime
                MIMEMagicFile conf/magic
                </IfModule>

                HostnameLookups Off

                #EnableMMAP off

                ErrorLog logs/error_log

                #
                # LogLevel: Control the number of messages logged to the error_log.
                # Possible values include: debug, info, notice, warn, error, crit,
                # alert, emerg.
                #
                LogLevel warn

                #
                # The following directives define some format nicknames for use with
                # a CustomLog directive (see below).
                #
                LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
                LogFormat "%h %l %u %t \"%r\" %>s %b" common
                LogFormat "%{Referer}i -> %U" referer
                LogFormat "%{User-agent}i" agent

                # "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
                # requires the mod_logio module to be loaded.
                #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

                #
                # The location and format of the access logfile (Common Logfile Format).
                # If you do not define any access logfiles within a <VirtualHost>
                # container, they will be logged here. Contrariwise, if you do
                # define per-<VirtualHost> access logfiles, transactions will be
                # logged therein and not in this file.
                #
                #CustomLog logs/access_log common

                #
                # If you would like to have separate agent and referer logfiles, uncomment
                # the following directives.
                #
                #CustomLog logs/referer_log referer
                #CustomLog logs/agent_log agent

                #
                # For a single logfile with access, agent, and referer information
                # (Combined Logfile Format), use the following directive:
                #
                CustomLog logs/access_log combined

                #
                # Optionally add a line containing the server version and virtual host
                # name to server-generated pages (internal error documents, FTP directory
                # listings, mod_status and mod_info output etc., but not CGI generated
                # documents or custom error documents).
                # Set to "EMail" to also include a mailto: link to the ServerAdmin.
                # Set to one of: On | Off | EMail
                #
                ServerSignature On

                Alias /icons/ "/var/www/icons/"

                <Directory "/var/www/icons">
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all
                </Directory>

                #
                # WebDAV module configuration section.
                #
                <IfModule mod_dav_fs.c>
                # Location of the WebDAV lock database.
                DAVLockDB /var/lib/dav/lockdb
                </IfModule>

                #
                # ScriptAlias: This controls which directories contain server scripts.
                # ScriptAliases are essentially the same as Aliases, except that
                # documents in the realname directory are treated as applications and
                # run by the server when requested rather than as documents sent to the client.
                # The same rules about trailing "/" apply to ScriptAlias directives as to
                # Alias.
                #
                ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

                #
                # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
                # CGI directory exists, if you have that configured.
                #
                <Directory "/var/www/cgi-bin">
                AllowOverride None
                Options None
                Order allow,deny
                Allow from all
                </Directory>

                #
                # Redirect allows you to tell clients about documents which used to exist in
                # your server's namespace, but do not anymore. This allows you to tell the
                # clients where to look for the relocated document.
                # Example:
                # Redirect permanent /foo http://www.example.com/bar

                #
                # Directives controlling the display of server-generated directory listings.
                #

                #
                # IndexOptions: Controls the appearance of server-generated directory
                # listings.
                #
                IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

                #
                # AddIcon* directives tell the server which icon to show for different
                # files or filename extensions. These are only displayed for
                # FancyIndexed directories.
                #
                AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

                AddIconByType (TXT,/icons/text.gif) text/*
                AddIconByType (IMG,/icons/image2.gif) image/*
                AddIconByType (SND,/icons/sound2.gif) audio/*
                AddIconByType (VID,/icons/movie.gif) video/*

                AddIcon /icons/binary.gif .bin .exe
                AddIcon /icons/binhex.gif .hqx
                AddIcon /icons/tar.gif .tar
                AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
                AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
                AddIcon /icons/a.gif .ps .ai .eps
                AddIcon /icons/layout.gif .html .shtml .htm .pdf
                AddIcon /icons/text.gif .txt
                AddIcon /icons/c.gif .c
                AddIcon /icons/p.gif .pl .py
                AddIcon /icons/f.gif .for
                AddIcon /icons/dvi.gif .dvi
                AddIcon /icons/uuencoded.gif .uu
                AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
                AddIcon /icons/tex.gif .tex
                AddIcon /icons/bomb.gif core

                AddIcon /icons/back.gif ..
                AddIcon /icons/hand.right.gif README
                AddIcon /icons/folder.gif ^^DIRECTORY^^
                AddIcon /icons/blank.gif ^^BLANKICON^^

                #
                # DefaultIcon is which icon to show for files which do not have an icon
                # explicitly set.
                #
                DefaultIcon /icons/unknown.gif

                #
                # AddDescription allows you to place a short description after a file in
                # server-generated indexes. These are only displayed for FancyIndexed
                # directories.
                # Format: AddDescription "description" filename
                #
                #AddDescription "GZIP compressed document" .gz
                #AddDescription "tar archive" .tar
                #AddDescription "GZIP compressed tar archive" .tgz

                #
                # ReadmeName is the name of the README file the server will look for by
                # default, and append to directory listings.
                #
                # HeaderName is the name of a file which should be prepended to
                # directory indexes.
                ReadmeName README.html
                HeaderName HEADER.html

                #
                # IndexIgnore is a set of filenames which directory indexing should ignore
                # and not include in the listing. Shell-style wildcarding is permitted.
                #
                IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

                AddLanguage ca .ca
                AddLanguage cs .cz .cs
                AddLanguage da .dk
                AddLanguage de .de
                AddLanguage el .el
                AddLanguage en .en
                AddLanguage eo .eo
                AddLanguage es .es
                AddLanguage et .et
                AddLanguage fr .fr
                AddLanguage he .he
                AddLanguage hr .hr
                AddLanguage it .it
                AddLanguage ja .ja
                AddLanguage ko .ko
                AddLanguage ltz .ltz
                AddLanguage nl .nl
                AddLanguage nn .nn
                AddLanguage no .no
                AddLanguage pl .po
                AddLanguage pt .pt
                AddLanguage pt-BR .pt-br
                AddLanguage ru .ru
                AddLanguage sv .sv
                AddLanguage zh-CN .zh-cn
                AddLanguage zh-TW .zh-tw

                #
                # LanguagePriority allows you to give precedence to some languages
                # in case of a tie during content negotiation.
                #
                # Just list the languages in decreasing order of preference. We have
                # more or less alphabetized them here. You probably want to change this.
                #
                LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

                #
                # ForceLanguagePriority allows you to serve a result page rather than
                # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
                # [in case no accepted languages matched the available variants]
                #
                ForceLanguagePriority Prefer Fallback

                #
                # Specify a default charset for all content served; this enables
                # interpretation of all content as UTF-8 by default. To use the
                # default browser choice (ISO-8859-1), or to allow the META tags
                # in HTML content to override this choice, comment out this
                # directive:
                #
                AddDefaultCharset UTF-8

                #
                # AddType allows you to add to or override the MIME configuration
                # file mime.types for specific file types.
                #
                #AddType application/x-tar .tgz

                #
                # AddEncoding allows you to have certain browsers uncompress
                # information on the fly. Note: Not all browsers support this.
                # Despite the name similarity, the following Add* directives have nothing
                # to do with the FancyIndexing customization directives above.
                #
                #AddEncoding x-compress .Z
                #AddEncoding x-gzip .gz .tgz

                # If the AddEncoding directives above are commented-out, then you
                # probably should define those extensions to indicate media types:
                #
                AddType application/x-compress .Z
                AddType application/x-gzip .gz .tgz

                #
                # AddHandler allows you to map certain file extensions to "handlers":
                # actions unrelated to filetype. These can be either built into the server
                # or added with the Action directive (see below)
                #
                # To use CGI scripts outside of ScriptAliased directories:
                # (You will also need to add "ExecCGI" to the "Options" directive.)
                #
                #AddHandler cgi-script .cgi

                #
                # For files that include their own HTTP headers:
                #
                #AddHandler send-as-is asis

                #
                # For type maps (negotiated resources):
                # (This is enabled by default to allow the Apache "It Worked" page
                # to be distributed in multiple languages.)
                #
                AddHandler type-map var

                #
                # Filters allow you to process content before it is sent to the client.
                #
                # To parse .shtml files for server-side includes (SSI):
                # (You will also need to add "Includes" to the "Options" directive.)
                #
                AddType text/html .shtml
                AddOutputFilter INCLUDES .shtml

                #
                # Action lets you define media types that will execute a script whenever
                # a matching file is called. This eliminates the need for repeated URL
                # pathnames for oft-used CGI file processors.
                # Format: Action media/type /cgi-script/location
                # Format: Action handler-name /cgi-script/location
                #

                #
                # Customizable error responses come in three flavors:
                # 1) plain text 2) local redirects 3) external redirects
                #
                # Some examples:
                #ErrorDocument 500 "The server made a boo boo."
                #ErrorDocument 404 /missing.html
                #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
                #ErrorDocument 402 http://www.example.com/subscription_info.html
                #

                #
                # Putting this all together, we can internationalize error responses.
                #
                # We use Alias to redirect any /error/HTTP_<error>.html.var response to
                # our collection of by-error message multi-language collections. We use
                # includes to substitute the appropriate text.
                #
                # You can modify the messages' appearance without changing any of the
                # default HTTP_<error>.html.var files by adding the line:
                #
                # Alias /error/include/ "/your/include/path/"
                #
                # which allows you to create your own set of files by starting with the
                # /var/www/error/include/ files and
                # copying them to /your/include/path/, even on a per-VirtualHost basis.
                #

                Alias /error/ "/var/www/error/"

                <IfModule mod_negotiation.c>
                <IfModule mod_include.c>
                <Directory "/var/www/error">
                AllowOverride None
                Options IncludesNoExec
                AddOutputFilter Includes html
                AddHandler type-map var
                Order allow,deny
                Allow from all
                LanguagePriority en es de fr
                ForceLanguagePriority Prefer Fallback
                </Directory>

                </IfModule>
                </IfModule>

                #
                # The following directives modify normal HTTP response behavior to
                # handle known problems with browser implementations.
                #
                BrowserMatch "Mozilla/2" nokeepalive
                BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
                BrowserMatch "RealPlayer 4\.0" force-response-1.0
                BrowserMatch "Java/1\.0" force-response-1.0
                BrowserMatch "JDK/1\.0" force-response-1.0

                #
                # The following directive disables redirects on non-GET requests for
                # a directory that does not include the trailing slash. This fixes a
                # problem with Microsoft WebFolders which does not appropriately handle
                # redirects for folders with DAV methods.
                # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
                #
                BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
                BrowserMatch "MS FrontPage" redirect-carefully
                BrowserMatch "^WebDrive" redirect-carefully
                BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
                BrowserMatch "^gnome-vfs/1.0" redirect-carefully
                BrowserMatch "^XML Spy" redirect-carefully
                BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully


                ########## Our changes ######################################################################


                # P3P IE SSL Frame
                <IfModule mod_headers.c>
                Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""
                </IfModule>


                # **********************************************************
                <VirtualHost mydomain.pl:80>
                ServerAdmin admin@mydomain.pl
                ServerName mydomain.pl

                     RewriteEngine on
                     RewriteRule ^/$ https://%{SERVER_NAME}/apex\/f\?p=800$1 [R]

                     RewriteCond %{HTTPS} !=on
                     RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R]
                </VirtualHost>

                # *********************************************************************************


                     Alias /i/ /path/i/
                     # Directory dla plików APEX-owych
                     <Directory "/path/i/">

                          Options None
                          AllowOverride None
                          Order allow,deny
                          Allow from all
                          
                          # Cachowanie plików
                          <IfModule mod_expires.c>
                               ExpiresActive     On
                               ExpiresDefault     "access plus 1 month"
                          </IfModule>

                          ### Typy plików, które powinny być kompresowane
                          <IfModule mod_deflate.c>
                     AddOutputFilterByType DEFLATE text/css
                     AddOutputFilterByType DEFLATE application/x-javascript
                     AddOutputFilterByType DEFLATE application/xhtml+xml
                     AddOutputFilterByType DEFLATE application/xml
                               AddOutputFilterByType DEFLATE text/x-component
                          </IfModule>

                     </Directory>
                     
                     ### reverse proxy

                     # flash Chart #HOST#
                     ProxyPreserveHost On

                     ProxyPass /apex     http://localhost:8888/apex
                     ProxyPassReverse /apex     http://localhost:8888/apex
                ----------------------------------------------














                My ssl.conf file

                ----------------------------------------------

                LoadModule ssl_module modules/mod_ssl.so

                #
                # When we also provide SSL we have to listen to the
                # the HTTPS port in addition.
                #
                Listen 443

                AddType application/x-x509-ca-cert .crt
                AddType application/x-pkcs7-crl .crl

                SSLPassPhraseDialog builtin

                # Inter-Process Session Cache:
                # Configure the SSL Session Cache: First the mechanism
                # to use and second the expiring timeout (in seconds).
                #SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
                SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
                SSLSessionCacheTimeout 300

                # Semaphore:
                # Configure the path to the mutual exclusion semaphore the
                # SSL engine uses internally for inter-process synchronization.
                SSLMutex default

                SSLRandomSeed startup file:/dev/urandom 256
                SSLRandomSeed connect builtin
                #SSLRandomSeed startup file:/dev/random 512
                #SSLRandomSeed connect file:/dev/random 512
                #SSLRandomSeed connect file:/dev/urandom 512

                SSLCryptoDevice builtin
                #SSLCryptoDevice ubsec

                ##
                ## SSL Virtual Host Context
                ##

                #################Our changes ################

                # Wirtual host
                <VirtualHost mydomain.pl:443>
                ServerAdmin admin@mydomain.pl
                ServerName mydomain.pl

                     RewriteEngine on
                     RewriteRule ^/$ https://%{SERVER_NAME}/apex\/f\?p=800$1 [R]

                SSLEngine on
                SSLCertificateFile /path/server_key.txt
                SSLCertificateKeyFile /path/private_key.txt
                SSLCACertificateFile /path/ca_key.txt
                </VirtualHost>
                • 5. Re: Errornotification message checksum content error
                  Udo
                  Hi Andy,
                  every row exclude LC_ALL contain the same value = "pl_PL.UTF-8"
                  Everything on UTF-8 sounds good. LC_ALL is not necessary.
                  Even your httpd.conf looks good concerning that part:
                  AddDefaultCharset UTF-8
                  But I found one thing in your ssl.conf I'd take a closer look on:
                  RewriteRule ^/$ https://%{SERVER_NAME}/apex\/f\?p=800$1 [R]
                  As far as I know, Rewrite will encode all non-ANSI characters as %xx hex codes in output if you don't disable it:
                  RewriteRule ^/$ https://%{SERVER_NAME}/apex\/f\?p=800$1 [NE,R]
                  So in case you already get them encoded, this will cause the double encoding you see.
                  You should check if all requests come in that way. Otherwise you should leave the inital rule unchanged and add a Rule (before that one) which just matches success messages and leaves all other requests untouched.


                  If that's not the solution, I have one other guess:
                  ########## Our changes ######################################################################
                  
                  # P3P IE SSL Frame
                  <IfModule mod_headers.c>
                  Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""
                  </IfModule>
                  mod_headers is (of course) loaded before, so the headers are modified by that handler. Though I'd usually not expect some effect like what you see in this module, possibly the url is (re)encoded here as well. You could try to check that by either commenting out that section or the line where mod_headers is loaded.

                  -Udo
                  • 6. Re: Errornotification message checksum content error
                    AndyPol
                    Udo You are Great : )

                    It helped: RewriteRule ^/$ https://%{SERVER_NAME}/apex\/f\?p=800$1 *[NE,R]*
                    • 7. Re: Errornotification message checksum content error
                      945911
                      Hi Udo,

                      please help me if you can. I see you had a great solution for this kind of problem.

                      So, I have the exact same error message (notification message checksum content error) when I try to log in to my app. BUT the circumstances not the exact same.

                      Oracle DB version: 10.2.0.5
                      APEX version: 4.0.2.00.07
                      APEX Listener version: 1.1.3.243.11.40

                      There is no SSL, there is no other complicated configuration.

                      My httpd.conf file:

                      ServerRoot "/usr/local/apache2"
                      Listen 80
                      LoadModule jk_module modules/mod_jk.so

                      <IfModule !mpm_netware_module>
                      <IfModule !mpm_winnt_module>
                      User daemon
                      Group daemon
                      </IfModule>
                      </IfModule>

                      ServerAdmin you@example.com
                      DocumentRoot "/usr/local/apache2/htdocs"

                      <Directory />
                      Options FollowSymLinks
                      AllowOverride None
                      Order deny,allow
                      Deny from all
                      </Directory>

                      <Directory "/usr/local/apache2/htdocs">
                      Options Indexes FollowSymLinks
                      AllowOverride None
                      Order allow,deny
                      Allow from all
                      </Directory>

                      <IfModule dir_module>
                      DirectoryIndex index.html
                      </IfModule>

                      <FilesMatch "^\.ht">
                      Order allow,deny
                      Deny from all
                      Satisfy All
                      </FilesMatch>

                      ErrorLog "logs/error_log"
                      LogLevel warn

                      <IfModule log_config_module>
                      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
                      LogFormat "%h %l %u %t \"%r\" %>s %b" common
                      <IfModule logio_module>
                      # You need to enable mod_logio.c to use %I and %O
                      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
                      </IfModule>
                      CustomLog "logs/access_log" common
                      </IfModule>

                      <IfModule alias_module>
                      ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
                      </IfModule>

                      <IfModule cgid_module>
                      </IfModule>

                      <Directory "/usr/local/apache2/cgi-bin">
                      AllowOverride None
                      Options None
                      Order allow,deny
                      Allow from all
                      </Directory>

                      DefaultType text/plain

                      <IfModule mime_module>
                      TypesConfig conf/mime.types
                      AddType application/x-compress .Z
                      AddType application/x-gzip .gz .tgz
                      </IfModule>

                      <IfModule ssl_module>
                      SSLRandomSeed startup builtin
                      SSLRandomSeed connect builtin
                      </IfModule>

                      # Setup APEX static file path
                      Alias /i/ /usr/apex/images/
                      <Directory /usr/apex/images/>
                      Order allow,deny
                      Allow from all
                      </Directory>

                      # Add extra mime types
                      AddType text/xml xbl
                      AddType text/x-component htc

                      # Mod_jk Settings
                      JkWorkersFile /root/tomcat/apache-tomcat-6.0.33/conf/jk/workers.properties
                      JkLogFile /root/tomcat/apache-tomcat-6.0.33/logs/mod_jk.log
                      JkLogLevel info
                      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
                      JkMount /apex/* default

                      -----------------------------------------------

                      There's no other configuration!

                      The error occured after I enabled the session state protection. It is unbelievable, but if I disable the session state protection the error is the same.

                      What can be the solution? Is there a workaround for this?

                      Please help me.

                      Thanks in advance

                      Tom
                      • 8. Re: Errornotification message checksum content error
                        Udo
                        Hi Tom, and welcome to the OTN forums!

                        Please open a new thread for your issue, as this one has already been marked as answered long ago, and your issue seems to be different from the one described in the original post.
                        Concerning your configuration, it seems you've deployed APEX Listener to a Tomcat (6.0.33), but you didn't include any hints on how your Tomcat is configured. So when you open your own thread, please provide some additional information, e.g. connector configuration, JVM options, Java version (as detailed as possible), other environment parameters (OS, locale settings, ...).
                        My first guess would be a missing part in your Tomcats connector configuration...

                        -Udo