<div dir="ltr">Hi,<div><br></div><div>We are running nginx opensource with modsecuity. Nginnx is a proxy server.</div><div><br></div><div>We are also running an application, (which we proxy using nginx) that creates reports and downloads images.</div><div><br></div><div>We are facing an issue with nginx session persistence.</div><div><br></div><div>During report creation, not all images are downloaded to the report. When the page is refreshed, other images different from the initial ones are displayed.</div><div><br></div><div>Nginx access.log shows the following</div><div><br></div><div>GET /prod/reportImage?rnd=1661411659&image=img_0_0_5 HTTP/1.1" 500 1692<br></div><div><br></div><div>Modscurity log shows the following</div><div><br></div><div><br></div><div>!doctype html><html lang="en"><head><title>HTTP Status 500 \xe2\x80\x93 Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} <a href="http://a.name/" target="_blank">a.name</a> {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 \xe2\x80\x93 Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> No JasperPrint documents found on the HTTP session.</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException: <b>No JasperPrint documents found on the HTTP session.</b>\x0a\x09net.sf.jasperreports.j2ee.servlets.ImageServlet.service(ImageServlet.java:95)\x0a\x09javax.servlet.http.HttpServlet.service(HttpServlet.java:742)\x0a\x09org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\x0a\x09com.ltc.app.server.ClickjackFilter.doFilter(ClickjackFilter.java:117)\x0a\x09org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)\x0a</pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/8.5.41</h3></body></html><br></div><div><br></div><div>Appreciate your help</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr" style="font-size:12.8px"><span><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:none;border-collapse:collapse"><colgroup><col width="268"><col width="356"></colgroup><tbody><tr style="height:0pt"><td style="border-left:solid #ffffff 1pt;border-right:solid #ffffff 1pt;border-bottom:solid #ffffff 1pt;border-top:solid #ffffff 1pt;vertical-align:top;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font color="#666666" face="Arial"><span style="font-size:16px;white-space:pre-wrap"><b><br></b></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font color="#666666" face="Arial"><span style="font-size:16px;white-space:pre-wrap"><b>Morgan Kisienya</b></span></font></p><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><b style="color:rgb(102,102,102)">Managed Security Services</b><br></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><b style="color:rgb(102,102,102);font-size:12.8px"><br></b></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><b style="color:rgb(102,102,102);font-size:12.8px">PO Box 139 Wahroonga NSW 2076</b><font color="#666666" size="2"><b><br></b></font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:12.8px"><div dir="ltr" style="font-size:small"><b style="color:rgb(102,102,102);font-size:12.8px">Mobile: +254 733 698 394</b></div><div dir="ltr" style="font-size:small"><font color="#666666"><b><span style="font-size:12.8px">Web    : <a href="http://www.doveria.com/" style="color:rgb(17,85,204)" target="_blank">www.doveria.com</a><br></span>Email : </b></font><b style="font-size:12.8px;color:rgb(102,102,102)"><a href="mailto:morgan@doveria.com" style="color:rgb(17,85,204)" target="_blank">morgan@doveria.com</a></b></div></div><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:200px;height:47px"><img src="https://lh4.googleusercontent.com/OYZJU_PLPevEnkxTVMy8K58j1rq6L2B_5g6Mtx47MXdEJ7V4xsNJkJqr9hBgQlJD8DgrdLUEZtlX5lv3LQoeFYaqSgBfDQ-s65M42Jth0eGUv2aT-PFHrGRUUbw0YUu2W2W864YT" width="200" height="47" style="margin-left:0px;margin-top:0px"></span></span><span style="font-size:11pt;font-family:Arial;color:rgb(102,102,102);font-weight:700;vertical-align:baseline;white-space:pre-wrap"><br><br></span></p></td><td style="border-left:solid #ffffff 1pt;border-right:solid #ffffff 1pt;border-bottom:solid #ffffff 1pt;border-top:solid #ffffff 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:82px;height:171px"><img src="https://lh6.googleusercontent.com/_7FrZIVyt440sxt3Ev-6w5eakQqYWPkWrwcXLhfGZQYg9eSKFNqT7zoeCuh-iyv53N95TwMswh1MRD5KsGL_fkND76mUtjXT-e8Xn2AvjmcO9JWvLwTwHsJKGRQu2lOFS4mdxqn6" width="82" height="171" style="margin-left:0px;margin-top:0px"></span></span></p></td></tr></tbody></table></div><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(68,68,68);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap">The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.</span><span style="font-size:11pt;font-family:Arial;color:rgb(35,31,32);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">  </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(68,68,68);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap">Doveria puts the security of the client at a high priority. Therefore, we have put efforts into ensuring that the message is error and virus-free. Unfortunately, full security of the email cannot be ensured as, despite our efforts, the data included in emails could be infected, intercepted, or corrupted. Therefore, the recipient should check the email for threats with proper software, as the sender does not accept liability for any damage inflicted by viewing the content of this email.</span><span style="font-size:11pt;font-family:Arial;color:rgb(35,31,32);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">  </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(68,68,68);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap">Please do not print this email unless it is necessary. Every un-printed email helps the environment.</span></p></span></div></div></div></div></div></div></div></div></div></div></div></div>