-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Elizabeth,
LAM includes several security checks to prevent attacks on the application. If it detects such a situation then it will abort and send no content. But it will log the incident and its reason. You can setup logging (file/syslog) in LAM's main configuration. Please check what log message you get. One reason can be that your proxy server connects to LAM using changing IPs for the same session. E.g. the login page is loaded from IP 1 and the POST for the password is sent from IP 2. The proxy/load balancer needs to be session sticky. Best regards Roland On 28.03.2013 22:35, Elizabeth Jones wrote: > We are trying to put an F5 in front of our lam web page and running > into problems. When we connect directly to the server that is > hosting lam making an http connection everything is fine. The F5 > is presenting an https url and then redirecting that to lam server > - so we have http://lam works fine, https:F5lam does not work. We > get a 200 ok from the web page, but it is sending 0 bytes back. > > https: 1.1.1.5 - - [28/Mar/2013:16:19:18 -0500] "GET > /templates/login.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT > 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0" > > http: 1.0.1.228 - - [28/Mar/2013:16:15:37 -0500] "GET > /templates/login.php HTTP/1.1" 200 6506 "-" "Mozilla/5.0 (Windows > NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0" > > I ran tcpdumps on the lam server and saw that it looks like it is > trying to inject a cookie into the http connection, but not the > https connection: > > HTTP/1.1 200 OK Date: Thu, 28 Mar 2013 20:43:35 GMT Server: > Apache/2.2.15 (Oracle) X-Powered-By: PHP/5.3.3 Set-Cookie: > PHPSESSID=6fiq68v0o995e101me7lnfspf4; path=/ Expires: Thu, 19 Nov > 1981 08:52:00 GMT Cache-Control: no-store, no-cache, > must-revalidate, post-check=0, pre-check=0 Pragma: no-cache > Set-Cookie: PHPSESSID=cs0pqsh29i3uvafbv2g24tuq77; path=/ > Set-Cookie: PHPSESSID=885i50ptibr1p0inm9428vah20; path=/ > Content-Length: 6506 Connection: close Content-Type: text/html; > charset=UTF-8 > > > no cookie on the https connection: HTTP/1.1 200 OK Date: Thu, 28 > Mar 2013 20:41:40 GMT Server: Apache/2.2.15 (Oracle) X-Powered-By: > PHP/5.3.3 Content-Length: 0 Connection: close Content-Type: > text/html; charset=UTF-8 > > > Can anyone explain to me why one connection is sending a cookie but > the other one isn't, and/or why it would send a 0 byte page back? > > thanks - > > EJ > > > > ------------------------------------------------------------------------------ > > Own the Future-Intel(R) Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. Compete > for recognition, cash, and the chance to get your game on Steam. > $5K grand prize plus 10 genre and skill prizes. Submit your demo by > 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2 > _______________________________________________ Lam-public mailing > list [email protected] > https://lists.sourceforge.net/lists/listinfo/lam-public > - -- Mit freundlichen Grüßen Roland Gruber -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlFVYDQACgkQq/ywNCsrGZ7xcQCfTGNObI3kXVrx0aB9RPmhvyaO J+cAn02GqZCptYdlhzChYuHnMjlK2JA4 =Pdp6 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Own the Future-Intel(R) Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2 _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
