'DO NOT REPLY [Bug 45693] New: Long referer with reverse proxy runs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-bugs
Subject:    DO NOT REPLY [Bug 45693] New: Long referer with reverse proxy runs
From:       bugzilla () apache ! org
Date:       2008-08-26 15:10:16
Message-ID: bug-45693-7868 () https ! issues ! apache ! org/bugzilla/
[Download RAW message or body]

https://issues.apache.org/bugzilla/show_bug.cgi?id=45693

           Summary: Long referer with reverse proxy runs in errors
           Product: Apache httpd-2
           Version: 2.2.0
          Platform: PC
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: alexkrystek@gmx.de


Hi,

we run on a solaris 10 machine an apache web server 2.2 (sorry, I don't know
the last version, I've just an extract of the conf files).

We have a portal and use the proxy module to pass and passreverse communication
to other application servers. Also we are using a Single Sign On product, which
forces a cookie refresh every 10 minutes.
The refresh is very simple, the loaded sso module just calls the cookie
provider, gets the cookie and redirects back to the origin URL. And here is the
problem, the cookie provider URL is called with a very long session string. The
URL is a little bit longer then 1400 chars. In the redirect back to the origin
URL the referer contains this long URL. Now the browser presents an HTTP 502
error. The origin URL is a proxy URL, which is passing to one of the
application servers.

Here is our config:
...
SSLProxyEngine on
...
ProxyRequests Off
<Proxy *>
        Order   deny,allow
        Allow   from all
</Proxy>
ProxyPass        /folder/ http://server.test.net:8080/folder/
ProxyPassReverse /folder/ http://server.test.net:8080/folder/
...

You can rebuild the problem very easy, just set up an apache with proxy pass
und pass reverse to e.g. www.google.de. Then use the firefox plugin "modify
headers" and add a header named "Referer" with a long URL e.g.
www.google.de/test1234567.......... If you try to access the proxy URL, a 502
will be produced.
In our tests we have found a max. supported Referer length of 1060 chars. All
longer URLs will produce the error.

We have tried to use badheader directive, but without luck. Then we have used
mod_headers and it worked. But this is just a workaround:
# if referer contain www.google.de set variable
SetEnvIf Referer "www\.google\.de" rewrite_true
# if variable true, set new header with content https://www.google.de
RequestHeader set Referer "https://www.google.de" env=rewrite_true

bye,
Alex


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic