do you think this?
# Generated by iptables-save v1.3.1 on Fri Oct 21 15:21:54 2005
*mangle
:PREROUTING ACCEPT [2497:834932]
:INPUT ACCEPT [2477:831704]
:FORWARD ACCEPT [19:3172]
:OUTPUT ACCEPT [2598:846827]
:POSTROUTING ACCEPT [2617:849999]
COMMIT
# Completed on Fri Oct 21 15:21:54 2005
# Generated by iptables-save v1.3.1 on Fri Oct 21 15:21:54 2005
*nat
:PREROUTING ACCEPT [6:789]
:POSTROUTING ACCEPT [74:4434]
:OUTPUT ACCEPT [69:3693]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081 COMMIT
# Completed on Fri Oct 21 15:21:54 2005
# Generated by iptables-save v1.3.1 on Fri Oct 21 15:21:54 2005
*filter
:INPUT ACCEPT [2477:831704]
:FORWARD ACCEPT [19:3172]
:OUTPUT ACCEPT [2598:846827]
COMMIT
# Completed on Fri Oct 21 15:21:54 2005
Henrik Nordstrom írta:
On Tue, 1 Nov 2005, Senthil Murugan wrote:
the original website that he/she was trying to access. But this time
the browser will not send the cookie credentials bcos, the is a
different domain. You explained as, "since the proxy has the full
control of the traffic passing thru it, it can play games on the
browser and issue cookie for all the visited domains". But with this,
only the proxy can add the credentials but what actually needed is,
only the proxy needs the credentials from the browser. How come the
works or i am not understood clearly?
There is always the domain of the proxy, to which the browser sends
it's cookies. To transport the session cookie to another domain a
double redirect is used via the proxy domain, temporarily carrying the
session details in an "magic" URL to the visited domain which then
issues the cookie and redirects back to the originally requested page
on the same domain.
I have done this kind of solutions for reverse proxies using Squid,
and it is not hard (you only need a HTTP server maintaining the
session, and a little thinking on how to use external acls). Only
difficulty wrt doing it in a forward proxy is that you need to modify
the proxy to not forward the session cookie to the requested site and
for this some new Squid modifications will be needed (i.e. the
filtering of the cookie is not possible with what is available for
Squid today)
Regards
Henrik
_____________ NOD32 1.1269 (20051031) Információ _____________
Az üzenetet a NOD32 antivirus system megvizsgálta.
http://www.nod32.hu
