Hi Andre,
Thanks for your reply!
----------quote---------------
> However, when my application generates a 304 http response (NOT
> MODIFIED) and litespeed send it to the apache proxy, apache seems to
> remove the header.
How did you make sure of this ?
----------unqoute------------
To check the http response headers, I used firebug in firefox. When I
only use litespeed to serve the application, I do get the P3P header
in the 304 reply. When I put the apache2 mod_proxy_balancer in front
of it, the header disappears. This is my proxy config:
####################################################
#
# test.myhost.com
#
####################################################
<VirtualHost x.x.x.x:x>
ServerName ssl_test.myhost.com
ServerAlias test.myhost.com
DocumentRoot /var/www/myhost/test/public/
SSLEngine On
SSLProxyEngine On
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /maintenance.html [L]
ProxyPass / balancer://ssl_test.myhost.com/
ProxyPassReverse / balancer://ssl_test.myhost.com/
ProxyPreserveHost on
Header set X-Proxied Yes
<Proxy balancer://ssl_test.myhost.com>
BalancerMember http://x.x.x.x
</Proxy>
SSLCACertificateFile /var/www/ssl/myhost.com/ca.myhost.com.crt
SSLCertificateFile /var/www/ssl/myhost.com/myhost.com.crt
SSLCertificateKeyFile /var/www/ssl/myhost.com/myhost.key
ErrorLog /var/www/log/myhost-error_log
CustomLog /var/www/log/myhost-access_log combined
</VirtualHost>
quote
Which version of Apache are you using ?
unqoute
I'm using Apache/2.2.3 on a Debian Lenny machine
----------quote---------------
> Because this
> web-application is integrated into another web application using an
> iFrame, and because most of the users use IE 7.0, I have to set a P3P
> CP="CAO PSA OUR" header in all http responses in order to maintain my
> cookie on the browser.
I never heard before of an obligation to set some P3P header to force
a browser to keep a cookie.
----------unqoute------------
I've been testing this for two days. Whenever a 304 response without a
P3P header is sent to IE7, my user is logged out because all cookie
data was cleared. When I sent a 304 response with the P3P header or
when I turned of caching using the apache proxy config beneath, the
application just worked fine. I'm not a big fan of this P3P stuff, but
its the only way to make IE7 work.
BrowserMatch ^.*MSIE 7\.0.*$ ie
Header unset ETag env=ie
Header set Cache-Control "max-age=0, no-cache, no-store,
must-revalidate" env=ie
Header set Pragma "no-cache" env=ie
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT" env=ie
----------quote---------------
Looking at the HTTP RFC 2626, section "10.3.5 304 Not Modified", it
seems to say that the set of allowable HTTP headers for a 304 response
is quite limited.
----------unqoute------------
I'm aware or this RFC, and I will not deny that something seems to be
messed up here. Nevertheless I was hoping there is a way to make
apache proxy ignore this restriction as it is just forwarding the
responses of a third party.
Cheers,
Samuel
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|