mod_proxy and authentication cookies

15 Oct 2004 03:34:26 -0000 

All,

We have been working on a patch to retain an
authorisation cookie from our reverse-proxy machine.

We have a host setup with a reverse-proxy server that
handles authentication and then passes off to a
middleware Apache PHP server. We are using mod_radius
on the reverse proxy server to do the authentication.
The module we use creates an authentication cookie.

When testing we found that the authentication cookie
is not retained after the response is retrieved from
the proxy module. This is a major problem because we
are using ACE/token authentication which uses one-time
passwords so silent re-authentication cannot happen.

To fix this, we have made a change to proxy_util.c
that adds any "Set-Cookie" headers in r->headers_out
to the newly defined headers_out table. We are
currently running the mod_proxy released with Apache
v2.0.46 and have patched this version. However, the
changes are simple and we should be able to apply them
to a later version if necessary.

We would like to submit this change to the group for
inclusion in later releases. Could you please let me
know the process for submitting updates and getting
them reviewed/approved for inclusion?

+    //Start patch mod_proxy cookie fix
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
r->server,
+       "Patch mod_proxy cookie fix: "
+       "Checking through originating headers for
cookies.");
+
+    // Define our variables
+    int i;
+    const apr_table_entry_t *array_elements;
+    const apr_array_header_t *array_header;
+
+    // Get the header from the table pointer
+    array_header = apr_table_elts(r->headers_out);
+
+    // Check that the array_header is defined.
+    if(array_header) {
+        // Retrieve the array elements - array of
key/value pairs
+        array_elements = (const apr_table_entry_t *)
array_header->elts;
+
+        for(i=0; i < array_header->nelts; i++) {
+
+            if
(strcmp(array_elements[i].key,"Set-Cookie") == 0) {
+
+                apr_table_add( headers_out,
array_elements[i].key, array_elements[i].val);
+
+                ap_log_error(APLOG_MARK, APLOG_DEBUG,
0, r->server,
+                    "Patch mod_proxy cookie fix: "
+                    "found originating cookie and
added to proxied response headers: %s",
array_elements[i].val);
+            }
+        }
+    }
+
+    //patch ends


Many thanks,

Brett Beaumont


                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

Reply via email to