I have configured Apache 1.3.27 to operate as a reverse proxy. My proxy runs on proxybox.schwab.com. I have a content server sitting behind it, content.schwab.com. I can access the following URL, and it works perfectly:

http://proxybox.schwab.com/content

I get the content that is sitting on content.schwab.com. So all the reverse proxy stuff is working fine.

Here's my problem. I use a cookie to authenticate people to proxybox.schwab.com. This cookie has a domain of .proxybox.schwab.com, so it should only be presented to that specific host. Web servers running on any other host should not be able to see this cookie. But, I can see the cookie on content.schwab.com.

It appears that mod_proxy passes all headers, including cookies with very restrictive domains, to the content servers. Even though the cookie has a domain set that should prevent it from going to any other servers, it still gets passed along.

Is there any way to configure mod_proxy so it will stop doing this? Is there any way to modify mod_proxy to filter a specific cookie from the header before passing the request to the content server?

--Ken

---------------------------------------------------------------

Ken Weiss                                  [EMAIL PROTECTED]
Directory Services                         415-667-1424 (voice)
Charles Schwab & Co.                       415-786-1545 (cell)
SF211MN-10-353                             415-667-1797 (fax)
101 Montgomery St.
San Francisco, CA 94104

WARNING:  All email sent to this address will be received by the Charles Schwab & Co., Inc. corporate email system and is subject to archival and review by someone other than the recipient.
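
The filtering step the message asks about, as an added example that is not part of the original message and is not Apache or mod_proxy code: a standalone C routine that removes one named cookie from a `Cookie` request-header value before the request is forwarded. The function name `strip_cookie` and the cookie name `PROXYAUTH` are hypothetical, and the sample header is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an Apache API. Copies a Cookie header value into
 * out, omitting every cookie named exactly `name`. Returns the number kept,
 * or -1 if out is too small. On 0 the caller should drop the header. */
int strip_cookie(const char *value, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name), used = 0, len, klen;
    const char *p = value, *end, *eq;
    int kept = 0;

    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*p) {
        while (*p == ';' || isspace((unsigned char)*p))
            p++;                        /* skip separators and padding */
        if (!*p) break;
        end = strchr(p, ';');
        if (!end) end = p + strlen(p);
        len = (size_t)(end - p);
        while (len > 0 && isspace((unsigned char)p[len - 1]))
            len--;                      /* trim trailing whitespace */
        eq = memchr(p, '=', len);
        klen = eq ? (size_t)(eq - p) : len;
        /* Exact-length compare so "PROXYAUTH" does not match "PROXYAUTH2". */
        if (klen != nlen || memcmp(p, name, nlen) != 0) {
            if (used + len + (kept ? 2 : 0) + 1 > outlen)
                return -1;
            if (kept) { memcpy(out + used, "; ", 2); used += 2; }
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
            kept++;
        }
        p = end;
    }
    return kept;
}

int main(void)
{
    char buf[128];  /* constructed sample header; PROXYAUTH is a made-up name */
    int n = strip_cookie("lang=en; PROXYAUTH=abc123; theme=dark", "PROXYAUTH", buf, sizeof buf);
    printf("%d kept: %s\n", n, buf);
    return 0;
}
```

The browser applies the cookie's domain only when deciding which host to send it to; once the request reaches the proxy, the `Cookie` header carries just name=value pairs, so any restriction on what reaches the content server has to be enforced at the proxy by a step like this.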

 
