httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart van der Schans <sch...@hippo.nl>
Subject Re: Mod_proxy_http ProxyErrorOverride eating cookies
Date Wed, 05 Apr 2006 07:39:52 GMT
Jeff Tharp wrote:
> Folks,
> I just wanted to add my voice to this issue.  We've ran into this bug
> when trying to reverse proxy a number of applications, including IBM
> WebSphere Proxy Server, SAP E-Recruiting, and Roller.  In each case, we
> had ProxyErrorOverride set to On so we could intercept any errors from
> the back-end servers.  But turning this on caused us to loose cookies
> set during authentication, breaking the login process.  I think the
> trick of setting a cookie as part of an HTTP redirect during login is
> common among Java apps such as these.  This has been a hurdle that has
> slowed the implementation of Apache 2.2 as a reverse proxy in front of
> our external-facing sites.  Has a formal bug been opened on this?  It
> would be great to see this fixed before the next release of Apache.

I didn't open a formal bug for this issue, but maybe somebody else has
already done it. If not, should I create one?

Bart

> 
> Thanks,
> Jeff Tharp
> System Administrator
> ESRI - Redlands, CA
> http://www.esri.com
> 
> From Bart van der Schans:
>> Hi,
>>
>> The "ProxyErrorOverride On" setting is correctly catching the errors
>> from the (reverse) proxied server. Only, it overrides too much IMHO.
>> Right now it overrides anything that's not in the 2xx range, 
>> but I think
>> it should allow also the 3xx range for redirects etc.
>>
>> A commonly used "trick" is to set a cookie with a 302 header so the
>> browser gets redirected to the page which "needs" the cookie. 
>> When using
>> ProxyErrorOverride, mod_proxy_http sets its own headers and the cookie
>> is lost.
>>
>> The attached patch check not only for ap_is_HTTP_SUCCESS but also for
>> ap_is_HTTP_REDIRECT which should solve the problem.
>>
>> Thanks,
>> Bart van der Schans
>>
>> -- 
>>
>> Hippo
>> Oosteinde 11
>> 1017WT Amsterdam
>> The Netherlands
>> Tel  +31 (0)20 5224466
>> -------------------------------------------------------------
>> schans@hippo.nl / http://www.hippo.nl
>> --------------------------------------------------------------


-- 

Hippo
Oosteinde 11
1017WT Amsterdam
The Netherlands
Tel  +31 (0)20 5224466
-------------------------------------------------------------
schans@hippo.nl / http://www.hippo.nl
--------------------------------------------------------------

Mime
View raw message