Re: problem with cookie domains and mod_proxy, Apache 1.3.27

21 Mar 2003 07:34:05 -0000

Humm second thought, we are not running the same config, no auth is done on our reverse proxies, and I personnaly think this is not the place for auth as reverse proxies should really be transparent.

I guess the actual mod_proxy code will not enable you to fix your problem. Maybe Apache 2.0 has more features for tweaking headers.

Regards,

Mathias.

Weiss, Ken wrote: 
I have configured Apache 1.3.27 to operate as a reverse proxy. My proxy runs
on proxybox.schwab.com. I have a content server sitting behind it,
content.schwab.com. I can access the following URL, and it works perfectly:



http://proxybox.schwab.com/content <http://proxybox.schwab.com/content> 



I get the content that is sitting on content.schwab.com. So all the reverse
proxy stuff is working fine.



Here's my problem. I use a cookie to authenticate people to
proxybox.schwab.com. This cookie has a domain of .proxybox.schwab.com, so it
should only be presented to that specific host. Web servers running on any
other host should not be able to see this cookie. But, I can see the cookie
on content.schwab.com.



It appears that mod_proxy passes all headers, including cookies with very
restrictive domains, to the content servers. Even though the cookie has a
domain set that should prevent it from going to any other servers, it still
gets passed along.



Is there any way to configure mod_proxy so it will stop doing this? Is there
any way to modify mod_proxy to filter a specific cookie from the header
before passing the request to the content server?









--Ken



---------------------------------------------------------------

Ken Weiss                                  [EMAIL PROTECTED]

Directory Services                         415-667-1424 (voice)

Charles Schwab & Co.                        415-786-1545 (cell)

SF211MN-10-353                               415-667-1797 (fax)

101 Montgomery St. 

San Francisco, CA 94104



WARNING:  All email sent to this address will be received by the Charles
Schwab & Co., Inc. corporate email system and is subject to archival and
review by someone other than the recipient.





--
--  Informatique du Credit Mutuel  ----  Reseaux et Systemes Distribues
--  32 rue Mirabeau -- Le Relecq-Kerhuon -- 29808 Brest Cedex 9, FRANCE
--  Tel +33298004653 - Fax +33298284005 - Mail [EMAIL PROTECTED]
--  Key Fingerprint: 8778 D2FD 3B4A 6B33 10AB  F503 63D0 ADAE 9112 03E4

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to