Re: [users@httpd] Reverse proxying through apache where backend server uses cookie authentication

On 7/18/05, Ranjan, Rajiv <Rajiv.Ranjan@xxxxxxxxxxxx> wrote:
> Hi Boyle,
> 
>         I added the CO flag to my rewrite rule and checked in the browser to see if the cookies were created. They were not.
> 
> I am sending you the conf snippet I am using. Can you please tell me where I am going wrong in it?
> 
> <VirtualHost <apache server ip:port>>
>         ServerName <apache server ip>
>         ProxyVia on
>         RewriteEngine on
>         RewriteLog logs/rajiv_rewrite.log
>         RewriteLogLevel 9
>         Redirect / http://<apache server ip:port >/wps/portal
>         RewriteRule ^/wps(.*)
>                 http://<my backend server ip and port>%{REQUEST_URI}
>                  /http/<apache server ip:port>/wps/portal/$1    [P,CO=JSESSIONID:%{HTTP_COOKIE}:<backend server domain, eg -            .dev01.tesco.org>,CO=LtpaToken:%{HTTP_COOKIE}:.dev01.tesco.org]
> </VirtualHost>

The domain part in your cookie needs to be the domain as the browser
sees it, not the hostname of your backend server.

Suppose you have www.mydomain.com, and this is proxied to
backendservers backend1.mydomain.com and backend2.mydomain.com.
The applications on the backend servers need to set cookies where
domain=www.mydomain.com. If the application were to set a cookie with, for
example, "domain=backend1.mydomain.com", then the browser receives a
cookie for a machine other than the one it thinks it's connected to,
and ignores it.

When the backend application sends a valid cookie there is nothing you
need to do with it in the rewrite rules.

Another tip: Get yourself Firefox with the "LiveHTTPHeaders" addon.
That way you can see what headers (incl. cookies) your browser gets,
and what it sends back to the server upon the next request.

Krist

-- 
krist.vanbesien@xxxxxxxxx
Solothurn, Switzerland

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
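
The cookie-domain rule described in the reply above, as an added example that is not part of the original thread: it applies the RFC 6265 domain-match test to `Set-Cookie` headers as they would arrive through the proxy and reports which ones a browser connected to `www.mydomain.com` would keep. It goes slightly beyond the single case in the message by also covering parent-domain and host-only cookies; the function names and the sample headers are constructed for illustration.

```python
# Added example: which Set-Cookie headers from a proxied backend does the browser keep?
from http.cookies import SimpleCookie


def domain_match(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match (IP-literal hosts and the
    public-suffix check that browsers also apply are not handled here)."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().lstrip(".")  # a leading dot is ignored
    return host == dom or host.endswith("." + dom)


def audit_set_cookie(browser_host, set_cookie_headers):
    """Return [(cookie_name, domain_attribute, accepted_by_browser), ...]."""
    results = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            domain = morsel["domain"]
            if not domain:
                # No Domain attribute: host-only cookie, bound to the host
                # the browser requested (the proxy), so it is always kept.
                results.append((name, "(host-only)", True))
            else:
                results.append((name, domain, domain_match(browser_host, domain)))
    return results


# Constructed sample: the host the browser talks to, and headers a backend might emit.
BROWSER_HOST = "www.mydomain.com"
SAMPLE_HEADERS = [
    "JSESSIONID=0000abc; Path=/wps; Domain=backend1.mydomain.com",  # backend's own name
    "LtpaToken=xyz; Path=/; Domain=.mydomain.com",   # parent domain: kept, but the
                                                     # browser sends it to every sibling host
    "JSESSIONID=0000abc; Path=/wps; Domain=www.mydomain.com",       # proxy's name
    "JSESSIONID=0000abc; Path=/wps",                                # host-only
]

if __name__ == "__main__":
    for name, domain, ok in audit_set_cookie(BROWSER_HOST, SAMPLE_HEADERS):
        verdict = "kept" if ok else "IGNORED by browser"
        print(f"{name:<11} Domain={domain:<22} {verdict}")
```
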


