On 7/17/08, jamanbo jamanbo <jamanbo@xxxxxxxxxxxxxx> wrote: > My question is Is it possible to set up an Apache proxy of another > server in such a way that the proxy is invisible, in terms of cookies > at least? I.e. when I visit my proxy I want cookies from the backend > to get set exactly as if I had visited the backend directly > (by-passing the proxy). > > I've been using a test configuration which I will show below. I picked > two big sites to test on. They appear to have been lucky choices as > they seem to exhibit different behaviour. > > In the first case, I proxy www.espn.go.com and it appears that (some) > cookies from that site get set when I visit my proxy. > > However in the second case, when I proxy www.amazon.com and visit my > proxy, I don't see any cookies (although the headers do contain > Set-Cookies). > > Can somebody tell me if I am trying to do something impossible. Will > browser security features prevent cookies for www.espn.go.com being > set when I visit localhost:3333/espn? Or is my set up just wrong? > > This is the test config if you want to try it: > > Listen 3333 > <VirtualHost *:3333> > ServerName localhost > DocumentRoot /var/www/revoxy > > ProxyPreserveHost On > <proxy> > Order deny,allow > Allow from all > </proxy> > > # Cookies from espn get set > <LocationMatch /espn/> > ProxyPass http://www.espn.go.com/ > ProxyPassReverse / > # ProxyPassReverseCookieDomain espn.go.com localhost > </LocationMatch> > > # Cookies from amazon don't get set > <LocationMatch /amazon/> > ProxyPass http://www.amazon.com/ > ProxyPassReverse / > # ProxyPassReverseCookieDomain amazon.com localhost > </LocationMatch> > </VirtualHost> > > Desperatley awaiting your advice, > JMBO! Cookies are set for the parent domain part of the server name. The Cookie for "espn.example.com" is set at ".example.com". Cookies cannot be set at the TLD level. Default domain no-name servers ("example.com") cannot use Cookies because the Cookie would be set at the ".com" TLD. This may be the problem in your second example. "localhost" should not work (although I have not tested lately). You should configure a server name for testing. If httpd is responding to all requests without virtual servers, you can configure the server name in hosts (Windows) or resolv.conf (*nix). I use the following in a virtual server configuration to proxy to an application server firewalled from the Internet and runnng on port 8000 on the same hardware server. I use RewriteRule instead of ProxyPass to pass incoming requests to the application server. ProxyPassReverseCookieDomain 127.0.0.1 www.example.com ProxyPassReverse / http://10.1.1.1:8000/ The application sends Cookies as 127.0.0.1. The first line translates the Cookies to be from www.example.com. Browsers will save the Cookie at the next level (".example.com") and send the Cookie with every request to *.example.com. A server name at the same level must be specified. Requests to "example.com" and "server.subdomain.example.com" will not include the Cookie. HTH, solprovider --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx