Jul 19, 2002 at 09:20:58AM +0200 X-Last-Book-Read: "A big boy did it and ran away" by Christopher Brookmyre X-Mini-Review: One more reason to play Quake III :-) X-Full-Review: See http://josvisser.nl/bookcorner.html X-Now-Reading: "Het evangelie volgens Jezus Christus" by Jos� Saramago X-URL: http://josvisser.nl X-Message: Why not read http://josvisser.nl/groundzero.html
The biggest problem we have is with redirections that are being returned to the browser. Because our web servers are behind a set of reverse proxies (currently *three* deep! There is nothing I/we can do about that because it is "corporate policy"), the web servers are not visible directly from the outside. So there is a whole set of servers with internal names (that are not known in the outside DNS) that all masquerade behind www.bigacme.com/so_and_so... We use the Netegrity SiteMinder product to implement single sign on for the entire web server park. The SiteMinder web agent that is plugged into each web server assesses whether a user has already logged in (cookies) and if not redirects back to the logon web server which performs the logon process (with all sorts of fancy smart card technology if needed). This means that SiteMinder returns a 30x reply with a Location header that goes something like: Location: http://loginserv.internal.bigacme.com?return=http://webserv.internal.bigacme.com Both internal names are not visible from the outside, so the Location header needs to be rewritten to contain a redirect to: Location: http://www.bigacme.com/login?return=http://www.bigacme.come/some_app (Examples are highly simplified and stylized, but you get the picture...) Now, reverse proxies can typically rewrite the host part of the Location header, but not the URI/Query_String part. We are having all sorts of headaches with this. There are some related smaller problems as well (e.g. the incoming Host header). Now, I am the first to acknowledge that my customer's network/proxy/DNS structure is all f*cked up, but it is out of my control (out of anyone's control basically :-), hence my desire to solve it as good as I can in the pieces that *are* under my control... ++Jos.nl And thus it came to pass that Graham Leggett wrote: (on Fri, Jul 19, 2002 at 09:20:58AM +0200 to be exact) > [EMAIL PROTECTED] wrote: > > > Now, your opinion is greatly valued on the following: > > > > - Is my reasoning about the impossibility to achieve this with a > > (standard) module correct? > > - Would a generic header rewriting feature be deemed a worthwhile > > addition to the core? > > First off - what are the problems that exist you are trying to solve? > > The minute I see the requirement to start rewriting things all over > the > show my instinct kicks in saying "simplify, simplify". > > Regards, > Graham > -- > ----------------------------------------- > [EMAIL PROTECTED] > "There's a moon > over Bourbon Street > tonight..." -- "Freedom" is just another word for "nothing left to lose"...
