httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: Rewriting incoming & outgoing headers
Date Fri, 19 Jul 2002 08:48:53 GMT wrote:

> The biggest problem we have is with redirections that are being returned
> to the browser.


> We use the Netegrity SiteMinder product to implement single sign on
> for the entire web server park. The SiteMinder web agent that is plugged
> into each web server assesses whether a user has already logged in
> (cookies) and if not redirects back to the logon web server which
> performs the logon process (with all sorts of fancy smart card
> technology if needed).
> This means that SiteMinder returns a 30x reply with a Location header
> that goes something like:
> Location:

The "return" paramter is yuck - this is what is making the wheels fall off.

Currently the ProxyPassReverse directive fixes the URLs of headers which 
are themselves URLs, but it does not fix any parameters embedded in the 
URL itself (in your case, the "return" parameter).

Does mod_rewrite not do header rewriting?

Your second problem is that SiteMinder seems to be redirecting you to 
the internal name of the authentication website. As far as Apache is 
concerned, it only knows about the *current* website. If some other 
website you redirect to (in this case the auth site) is also behind a 
hidden URL, Apache has no way of knowing this is the case.

Tell your SiteMinder agents that your login server can be found at (the external address of the login server, 
wherever that is). This will solve half your problem.

	"There's a moon
					over Bourbon Street

View raw message