List: apache-modproxy-dev
Subject: Re: problem with cookie domains and mod_proxy, Apache 1.3.27
From: Ian Holsman <Ian.Holsman () cnet ! com>
Date: 2003-03-21 13:27:23
I don't think 2.0 has any specific options for not passing specific cookies through.
I'm not sure how easy it would be. Looking at a tcpdump of port 80 traffic, it doesn't
look like the request passes the domain back.
I guess the only way would be for the site admin to explicitly block a cookie, but I don't believe
that option exists at the moment, and I can't think of a workaround via rewrite.
Sorry Ken.
P.S. If this is a really, really big pain for you, we could add a directive to mask cookies,
but it would probably end up in the standard 2.0 distribution, not 1.3.
--ian
Mathias Herberts wrote:
> Humm second thought, we are not running the same config, no auth is done
> on our reverse proxies, and I personally think this is not the place for
> auth as reverse proxies should really be transparent.
>
> I guess the actual mod_proxy code will not enable you to fix your
> problem. Maybe Apache 2.0 has more features for tweaking headers.
>
> Regards,
>
> Mathias.
>
> Weiss, Ken wrote:
>
>> I have configured Apache 1.3.27 to operate as a reverse proxy. My proxy runs
>> on proxybox.schwab.com. I have a content server sitting behind it,
>> content.schwab.com. I can access the following URL, and it works perfectly:
>>
>> http://proxybox.schwab.com/content
>>
>> I get the content that is sitting on content.schwab.com. So all the reverse
>> proxy stuff is working fine.
>>
>> Here's my problem. I use a cookie to authenticate people to
>> proxybox.schwab.com. This cookie has a domain of .proxybox.schwab.com, so it
>> should only be presented to that specific host. Web servers running on any
>> other host should not be able to see this cookie. But, I can see the cookie
>> on content.schwab.com.
>>
>> It appears that mod_proxy passes all headers, including cookies with very
>> restrictive domains, to the content servers. Even though the cookie has a
>> domain set that should prevent it from going to any other servers, it still
>> gets passed along.
>>
>> Is there any way to configure mod_proxy so it will stop doing this? Is there
>> any way to modify mod_proxy to filter a specific cookie from the header
>> before passing the request to the content server?
>>
>> --Ken
>>
>> ---------------------------------------------------------------
>> Ken Weiss                ken.weiss@schwab.com
>> Directory Services       415-667-1424 (voice)
>> Charles Schwab & Co.     415-786-1545 (cell)
>> SF211MN-10-353           415-667-1797 (fax)
>> 101 Montgomery St.
>> San Francisco, CA 94104
>>
>> WARNING: All email sent to this address will be received by the Charles
>> Schwab & Co., Inc. corporate email system and is subject to archival and
>> review by someone other than the recipient.
>
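
The tcpdump observation in this message is the crux: a browser's Cookie request header carries only name=value pairs, so a reverse proxy cannot filter on the cookie's domain and has to drop the cookie by name before forwarding. The plain C function below is an added example of that filtering step; it is not part of the original thread and not Apache or mod_proxy code, and the function name `strip_cookie` and the cookie name `proxyauth` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the Cookie header value `in` into `out`, leaving out every pair whose
 * name is exactly `name`. Returns how many pairs were dropped, or -1 if `out`
 * is too small. An empty `out` means: forward no Cookie header at all. */
int strip_cookie(const char *in, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name), used = 0;
    int removed = 0;

    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*in) {
        /* Skip separators and whitespace in front of the next pair. */
        while (*in == ';' || isspace((unsigned char)*in)) in++;
        if (!*in) break;
        const char *semi = strchr(in, ';');
        size_t len = semi ? (size_t)(semi - in) : strlen(in);
        const char *next = in + len;
        while (len > 0 && isspace((unsigned char)in[len - 1])) len--;
        /* Match "name" or "name=..." only, so "proxyauthority" survives. */
        if (len >= nlen && strncmp(in, name, nlen) == 0 &&
            (len == nlen || in[nlen] == '=')) {
            removed++;
        } else {
            size_t sep = used ? 2 : 0;          /* "; " between kept pairs */
            if (used + sep + len + 1 > outsz) return -1;
            if (sep) { memcpy(out + used, "; ", 2); used += 2; }
            memcpy(out + used, in, len);
            used += len;
            out[used] = '\0';
        }
        in = next;
    }
    return removed;
}

int main(void)
{
    /* Constructed sample; "proxyauth" is a hypothetical cookie name. */
    const char *hdr = "lang=en; proxyauth=s3cr3t; proxyauthority=x; theme=dark";
    char fwd[128];
    int n = strip_cookie(hdr, "proxyauth", fwd, sizeof fwd);
    printf("dropped %d, forward: %s\n", n, fwd);
    return n == 1 ? 0 : 1;
}
```

On a -1 return the safe choice for a proxy is to forward no Cookie header rather than the unfiltered one.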