Hi all,
I have the strangest results in an environment we use
at a customer.
We have an apache-server with mod_proxy on one node,
which forwards it's requests to another apache-server
with mod_proxy AND mod_sm from siteminder Netegrity.
Both apache servers are 1.3.26, pached with my previously
posted 'full reverse proxy' path, a siteminder patch (which
cannot be applied because the change seems to be in
standard 1.3.26 anyway) and a patch which removes spurious
line-feeds/carriage returns in the headers.
The strange thing is that some redirects from the application
(behind the 2nd proxy) work fine, others work only on IE6
browsers, others crash with a 'DNS error', and all netscapes
seem to display the redirect page without actually performing
the redirect.
The only strange thing I see in the sniffer logs (the redirects
are fine, no additional cr/lf's, no other strange things) is
that the siteminder cookies are set twice.
I afiak the duplication happens on the second proxy but I
cannot imagine why. Either there is a problem with the
mod_sm making it add the cookies and not replace if they
exist, or the mod_proxy duplicates the Set-Cookie headers.
I am completely baffled by this issue, and I don't have much
hair left on my head ;)
My question to y'all is :
1. Has anybody got this same config (using siteminder) ?
2. Does anybody know why the netscape browser does not
perform the redirect, except when I press 'reload' ?
3. Has anybody got a hint as to why Set-Cookie headers
might be duplicated ?
Thanks in advance,
Martijn Schoemaker
P.S.: Since this infrastucture is SSL on the front, and since
browsers nowadays don't support 'view response as-is'
anymore (let alone seeing the headers :() I do not have
the actual document 'seen' by the browser.
--
You have reached the end of the message.
Press [t] to go to the top of this message, or [c] to close it.
HTTP/1.1 302 Moved Temporarily
Date: Wed, 28 Aug 2002 13:21:50 GMT
Server: SilverStream Server/10.0
Set-Cookie: FORMCRED=; path=/; expires=Fri, 01-Mar-2002 12:21:50 GMT;
domain=.snip
Set-Cookie:
SMIDENTITY=7xTJTukZjxBnfYYpXQgbkYTGxi4+ileea/13TrjJ05VQbjBFs2J+xPdGerg+GoEAr32sTONvvfdPK/Htrf5L9L4tDe1fzs+vaAJO7w8aNpkHuMX2l+3V3p1m3dENG0QTIuh/3HP9Q23+shlgJnJeXjOeDiWnimTEZgtYTgbLQr+sPffmQ331AKK3TJuQYvWrAVcvxy3FKJdB1rzHVMjNJ6Wr7DjFSNgZ4xlAUWqgaQ2uwmfecEQt4YswhJa/5icjwMSgXMXKC0dBdZGPvkjoeev+ZpAqDMcrYuqTfmFMkoNgFiE6qnkPHIFLpdWSX1PU19p/8D7yeviGZQXln140mvYQ037tN/44au6tkFmloUYymmSnj0EdHGLY65oeNhehkdJrYlZrB8OXjlkRoc/tqKIN7t6B7rQofGSFEdY2h3iubCt23hqTwgCZikKBcE51dj5nGMxBXmMBADIo4fIW9o5WDwYxWU2V0y67FZ7GYljxhySvnBdmbvphcdMtfG6Ow/SfEtrS7sSkFykQmjC6jMlZ2sdodon8vKa7lnro/Mu6+4U83GFcs04QuKvseFAQK5QaGv6e9JIkt51krNVtdv/PTVKNtn8v;
expires=Fri, 27-Aug-2004 12:21:50 GMT; path=/; domain=.snip
Set-Cookie:
SMSESSION=FwpgylAjMdeCP1Li0JgtFJQNF8/IdGuzhss0ahnzJ7toGfW5BeMMdI6zN6NJ/B/bx0ndMRdjCEqtysG/xQ6ZUqsN2fCkzf93axXc3WwkK6F01WEGrsydwMGgpePrNted3OTWxOJYKHs05Vz+IulntJh2AKtinsrl54Nn7xNDUGYYauf6oin+GIGNJB3awBs5JFe6KBEoXK5p0yq7RgbyDYDzxXDbVH3C//wsNCNhy5JaEXy5zkmKy9/QUK0kZJrZIlOubZUjTp6nn3WpWTO1ZB6mCDHfIzG8oxvfHEuoIbj4tg53e3pGMwcbqaHihJK11Iu4MllUruJPmD0EJ2ZnCYLppbnXgjO+F69CO7qH3kL95KZtO4drG5KKukGs5+4hJT0XY7/DxFpGj+8VuC+QxrNED1OY02/aIo66ctiYxqjbJmEADrYFl0RMAK4M/nZkVVHJgItbnjAXe431uuB9HOCo9KoosXk9UFTmAagZAjbGEPB8aPfcWrna7RHZU6EqYcbyiUZV7KoDvSR0CDn7jozBGZTxepNch+xEtiCIVfYdQV/Zs3Z/8Aq/+sYPs2onfwThQiXUPP3rZAoRn+wkD1LNSGEiolcaUUeVRcB1x3mk3k78o6e+BbRfcBX1Mh06X9cfJ9vl5OAp8XjyJNH1Qj8p8edNaS41D3AcIs3d//kU7gtObE2a43PzqurLnXL8+cOt9Kft2vQOOJFtC1IIURifa1lHFIp7Dcec7kXJCKfq3sq4DvBLaTYXRWUwrMuZhJZY5JsoARIzY/WilB5JbIa0p1ZZD+Zv27ss6Gn9OBlmf9XXMttTl25qUhRf14D38iq/mUEwnf8fnvZr9zxwIWRUtTxJWLPWQ8AaOfVjIu9aBUwjxkzYkTedXBG8ieFo;
path=/; domain=.snip
Set-Cookie: FORMCRED=; path=/; expires=Fri, 01-Mar-2002 12:21:50 GMT;
domain=.snip
Set-Cookie:
SMIDENTITY=7xTJTukZjxBnfYYpXQgbkYTGxi4+ileea/13TrjJ05VQbjBFs2J+xPdGerg+GoEAr32sTONvvfdPK/Htrf5L9L4tDe1fzs+vaAJO7w8aNpkHuMX2l+3V3p1m3dENG0QTIuh/3HP9Q23+shlgJnJeXjOeDiWnimTEZgtYTgbLQr+sPffmQ331AKK3TJuQYvWrAVcvxy3FKJdB1rzHVMjNJ6Wr7DjFSNgZ4xlAUWqgaQ2uwmfecEQt4YswhJa/5icjwMSgXMXKC0dBdZGPvkjoeev+ZpAqDMcrYuqTfmFMkoNgFiE6qnkPHIFLpdWSX1PU19p/8D7yeviGZQXln140mvYQ037tN/44au6tkFmloUYymmSnj0EdHGLY65oeNhehkdJrYlZrB8OXjlkRoc/tqKIN7t6B7rQofGSFEdY2h3iubCt23hqTwgCZikKBcE51dj5nGMxBXmMBADIo4fIW9o5WDwYxWU2V0y67FZ7GYljxhySvnBdmbvphcdMtfG6Ow/SfEtrS7sSkFykQmjC6jMlZ2sdodon8vKa7lnro/Mu6+4U83GFcs04QuKvseFAQK5QaGv6e9JIkt51krNVtdv/PTVKNtn8v;
expires=Fri, 27-Aug-2004 12:21:50 GMT; path=/; domain=.snip
Set-Cookie:
SMSESSION=FwpgylAjMdeCP1Li0JgtFJQNF8/IdGuzhss0ahnzJ7toGfW5BeMMdI6zN6NJ/B/bx0ndMRdjCEqtysG/xQ6ZUqsN2fCkzf93axXc3WwkK6F01WEGrsydwMGgpePrNted3OTWxOJYKHs05Vz+IulntJh2AKtinsrl54Nn7xNDUGYYauf6oin+GIGNJB3awBs5JFe6KBEoXK5p0yq7RgbyDYDzxXDbVH3C//wsNCNhy5JaEXy5zkmKy9/QUK0kZJrZIlOubZUjTp6nn3WpWTO1ZB6mCDHfIzG8oxvfHEuoIbj4tg53e3pGMwcbqaHihJK11Iu4MllUruJPmD0EJ2ZnCYLppbnXgjO+F69CO7qH3kL95KZtO4drG5KKukGs5+4hJT0XY7/DxFpGj+8VuC+QxrNED1OY02/aIo66ctiYxqjbJmEADrYFl0RMAK4M/nZkVVHJgItbnjAXe431uuB9HOCo9KoosXk9UFTmAagZAjbGEPB8aPfcWrna7RHZU6EqYcbyiUZV7KoDvSR0CDn7jozBGZTxepNch+xEtiCIVfYdQV/Zs3Z/8Aq/+sYPs2onfwThQiXUPP3rZAoRn+wkD1LNSGEiolcaUUeVRcB1x3mk3k78o6e+BbRfcBX1Mh06X9cfJ9vl5OAp8XjyJNH1Qj8p8edNaS41D3AcIs3d//kU7gtObE2a43PzqurLnXL8+cOt9Kft2vQOOJFtC1IIURifa1lHFIp7Dcec7kXJCKfq3sq4DvBLaTYXRWUwrMuZhJZY5JsoARIzY/WilB5JbIa0p1ZZD+Zv27ss6Gn9OBlmf9XXMttTl25qUhRf14D38iq/mUEwnf8fnvZr9zxwIWRUtTxJWLPWQ8AaOfVjIu9aBUwjxkzYkTedXBG8ieFo;
path=/; domain=.snip
Content-Length: 200
Content-Type: text/html
Location: https://snip/idc/personal
Via: 1.1 snip (Apache/1.3.26), 1.1 snip (Apache/1.3.26)
X-Cache: MISS from snip, MISS from snip
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY>
Temporarily moved to <A
HREF="https://snip/idc/personal";>https://snip/idc/personal</A>
</BODY>
</HTML>
HTTP/1.1 302 Moved Temporarily
Date: Wed, 28 Aug 2002 15:01:29 GMT
Server: SilverStream Server/10.0
Set-Cookie: SMCHALLENGE=; path=/; expires=Fri, 01-Mar-2002 14:01:29 GMT;
domain=.snip
Set-Cookie: FORMCRED=; path=/; expires=Fri, 01-Mar-2002 14:01:29 GMT;
domain=.snip
Set-Cookie:
SMIDENTITY=Vs6407c1lXJiKeWX4fYbEBbnxJOFZ18aYEWIwk+2wcVltlQCo6E9r37Az3Ha5x3OSryoxI5zxR+TVux5P+cFbB/hRNeLhr0ep3J3F+WYRjLpZYaeHxrFyBfBa6q7VJ0yiwLue5DjYQHgG1Mi+TApaslb4mR6tKV3qcyGmkYnuY3qn3fCUERSQCjnCE1hOWN1vd7Q4xPdoEbwayIdE1rQ+ryGPjpKRCQ5MHwyUcHQ9zuRTu4ZWqPpoH9y50JcLBzd1dhjKJXmxrqnOyI2dSx5FyCCExRZHkp2S7DlYe0pkmePgeqUd8IAEmYgeQPXLg187EQ31VB4/3LB9SWea97LwsRZVbWtS2MapiqqxcI2+q7WaK/smQau6UvcPqzDsPvXY93HdBVaz2DJz/8OsW7bvGlVqM1+JmSKk3SKZEoP17fkYfpIEV4hBvujf8RqfOm7qHoPEiiaekpcNSXouezufIG7quSa0PIGZVM1VtiTzQ+GsO6Yicjt+pxXqTBQ9kO292hOscUomKjJJWA+NfKvxxhtyiQR8g55QMr7QXgViLvVQtvbzcMFnuKjw9xKXmWz9qhsEuo6mmCNJ/gW29mCy43VpR4OJacI;
expires=Fri, 27-Aug-2004 14:01:29 GMT; path=/; domain=.snip
Set-Cookie:
SMSESSION=QRfBfLkrG5F/H1ynXFJtYDVXq7vG5PyxWRLO3PD6THAUx5eve2uFAKQ39i+BSt2/PqcYNU4c7xIQ+tbZctlE6wki6TSEEzY9Pwa1fC3u/v26NF8COx6rQomSCUKevXmZblNvauKlKkUkWpdg6G8/i9CUYGDX7JY7MdW2ZvSY0eRjezZJIUp1pBuBV7cuNmMc2XXEilpbEYDzuml7lXz/kWoMuZiSI+X1Ejk/iJl2Z47i/YXsSonJVoHJ6I65iTK9PQhvzT1ZHXMamgPyeHH5vjOOERYWlZ9ow/40yOFWz106VfgxK06gjQ4ZYnouHMtfjPkcA3h+k7seFeu9hnxMCn0dJ++0x53ACQJeBiZADxTwsojUvI2FtdGcqLABkmSo8JdFZUajwUDJHRyZOcie5c0MkHgnYQo3qNw/UtbNUrTOcIZFyDIypEwltfjq3Xqmh29VeQCBf6meWv7/6KchZxPvFPXeqqjcpCLTIG5Qb8qq09LvM2k7mi43OdQfhgLa7IxxPkNr/M+3JOOq1ObcM6KTRK81c52ZIxjDFd+SKL6c/AUjadS1UQkej17Tzy93+Ltl9Wj2z4ydZ07upKAvvAR3kjTfiXDuMXKXOzKsC/Un3dPBmw35momlOjOb5OS6oi8RW8HfeWpGNMZOheY0CEkaUr/lDMPzkQZGqq5uHQoMj0Xcg7u3WfbUmfUpyTQTKZ6vwmza/5+bmC25ePopkT+DwrsOpF6GjbdeiM9GCRkHBMRNqUOcxnblU4SKd0F88Gnql5uyP7EWO85e7D2WN+9kUu/lB6boIIDaNoI9beoW7uWzMAdAO8kI+KeOw9KGqvQeAojSXHJ0JZLe/YDYjzcVR9U80fuHNtDdMaVX2IlO3k/j5ubxrjG06tMAlO2W;
path=/; domain=.snip
Content-Length: 200
Content-Type: text/html
Location: https://snip/idc/personal
Via: 1.0 snip (Apache/1.3.12), 1.0 snip (Apache/1.3.26)
X-Cache: MISS from snip
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY>
Temporarily moved to <A
HREF="https://snip/idc/personal";>https://snip/idc/personal</A>
</BODY>
</HTML>
