problem with cookie domains and mod_proxy, Apache 1.3.27
on 20.03.2003 21:46:45 by Ken.Weiss
I have configured Apache 1.3.27 to operate as a reverse proxy. My proxy runs
on proxybox.schwab.com. I have a content server sitting behind it,
content.schwab.com. I can access the following URL, and it works perfectly:

http://proxybox.schwab.com/content

I get the content that is sitting on content.schwab.com. So all the reverse
proxy stuff is working fine.

Here's my problem. I use a cookie to authenticate people to
proxybox.schwab.com. This cookie has a domain of .proxybox.schwab.com, so it
should only be presented to that specific host. Web servers running on any
other host should not be able to see this cookie. But, I can see the cookie
on content.schwab.com.

It appears that mod_proxy passes all headers, including cookies with very
restrictive domains, to the content servers. Even though the cookie has a
domain set that should prevent it from going to any other servers, it still
gets passed along.

Is there any way to configure mod_proxy so it will stop doing this? Is there
any way to modify mod_proxy to filter a specific cookie from the header
before passing the request to the content server?

--Ken
---------------------------------------------------------------
Ken Weiss ken.weiss@schwab.com
Directory Services 415-667-1424 (voice)
Charles Schwab & Co. 415-786-1545 (cell)
SF211MN-10-353 415-667-1797 (fax)
101 Montgomery St.
San Francisco, CA 94104
WARNING: All email sent to this address will be received by the Charles
Schwab & Co., Inc. corporate email system and is subject to archival and
review by someone other than the recipient.
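
The cookie's Domain attribute is enforced by the browser when it decides which cookies to send to proxybox; the proxy then makes its own request to the content server, so a cookie can only be withheld by filtering the Cookie header on the proxy. As an added example that is not part of the original message and is not Apache code, this standalone C function does the filtering the question asks about; `strip_cookie` and the cookie name `PROXYAUTH` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy a Cookie request-header value into out, dropping every pair named
 * exactly `name`. Returns the number dropped, or -1 if out is too small.
 * Empty result: omit the header. Hypothetical helper, not an Apache API. */
int strip_cookie(const char *header, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name), used = 0;
    int removed = 0;
    const char *p = header;
    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*p) {
        /* Skip pair separators and leading whitespace. */
        while (*p == ';' || isspace((unsigned char)*p)) p++;
        if (!*p) break;
        const char *end = strchr(p, ';');
        if (!end) end = p + strlen(p);
        const char *stop = end;            /* trim trailing whitespace */
        while (stop > p && isspace((unsigned char)stop[-1])) stop--;
        /* The name runs up to the first '='; later '=' belong to the value. */
        const char *eq = memchr(p, '=', (size_t)(stop - p));
        size_t klen = eq ? (size_t)(eq - p) : (size_t)(stop - p);
        while (klen > 0 && isspace((unsigned char)p[klen - 1])) klen--;
        /* Compare whole names so PROXYAUTHX is not mistaken for PROXYAUTH. */
        if (klen == nlen && memcmp(p, name, nlen) == 0) {
            removed++;
        } else {
            size_t plen = (size_t)(stop - p), sep = used ? 2 : 0;
            if (used + sep + plen + 1 > outlen) return -1;
            if (sep) { memcpy(out + used, "; ", 2); used += 2; }
            memcpy(out + used, p, plen);
            used += plen;
            out[used] = '\0';
        }
        p = end;
    }
    return removed;
}

int main(void)
{
    /* Constructed sample header; the cookie names are made up. */
    const char *in = "lang=en; PROXYAUTH=s3cr3t; PROXYAUTHX=keep; theme=dark";
    char out[256];
    int n = strip_cookie(in, "PROXYAUTH", out, sizeof out);
    printf("dropped %d, forwarding Cookie: %s\n", n, out);
}
```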