httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Tharp" <jth...@esri.com>
Subject RE: Mod_proxy_http ProxyErrorOverride eating cookies
Date Tue, 04 Apr 2006 23:36:13 GMT
Folks,
I just wanted to add my voice to this issue.  We've ran into this bug
when trying to reverse proxy a number of applications, including IBM
WebSphere Proxy Server, SAP E-Recruiting, and Roller.  In each case, we
had ProxyErrorOverride set to On so we could intercept any errors from
the back-end servers.  But turning this on caused us to loose cookies
set during authentication, breaking the login process.  I think the
trick of setting a cookie as part of an HTTP redirect during login is
common among Java apps such as these.  This has been a hurdle that has
slowed the implementation of Apache 2.2 as a reverse proxy in front of
our external-facing sites.  Has a formal bug been opened on this?  It
would be great to see this fixed before the next release of Apache.

Thanks,
Jeff Tharp
System Administrator
ESRI - Redlands, CA
http://www.esri.com

>From Bart van der Schans:
> Hi,
> 
> The "ProxyErrorOverride On" setting is correctly catching the errors
> from the (reverse) proxied server. Only, it overrides too much IMHO.
> Right now it overrides anything that's not in the 2xx range, 
> but I think
> it should allow also the 3xx range for redirects etc.
> 
> A commonly used "trick" is to set a cookie with a 302 header so the
> browser gets redirected to the page which "needs" the cookie. 
> When using
> ProxyErrorOverride, mod_proxy_http sets its own headers and the cookie
> is lost.
> 
> The attached patch check not only for ap_is_HTTP_SUCCESS but also for
> ap_is_HTTP_REDIRECT which should solve the problem.
> 
> Thanks,
> Bart van der Schans
> 
> -- 
> 
> Hippo
> Oosteinde 11
> 1017WT Amsterdam
> The Netherlands
> Tel  +31 (0)20 5224466
> -------------------------------------------------------------
> schans@hippo.nl / http://www.hippo.nl
> --------------------------------------------------------------

Mime
View raw message