httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] Reverse proxing through apache where backend server users cookie authentication
Date Tue, 19 Jul 2005 05:54:12 GMT
On 7/18/05, Ranjan, Rajiv <Rajiv.Ranjan@in.tesco.com> wrote:
> Hi Boyle,
> 
>         I added CO flag to my rewrite rule and checked in the browser to see if the cookies
were created. They were not.
> 
> I am sending you the conf snippet I am using. Can you please tell where am I going wrong
in it?
> 
> <VirtualHost <apache server ip:port>>
>         ServerName <apache server ip>
>         ProxyVia on
>         RewriteEngine on
>         RewriteLog logs/rajiv_rewrite.log
>         RewriteLogLevel 9
>         Redirect / http://<apache server ip:port >/wps/portal
>         RewriteRule ^/wps(.*)
>                 http://<my backend server ip and port>%{REQUEST_URI}
>                  /http/<apache server ip:port>/wps/portal/$1    [P,CO=JSESSIONID:%{HTTP_COOKIE}:<backend
server domain, eg -            .dev01.tesco.org>,CO=LtpaToken:%{HTTP_COOKIE}:.dev01.tesco.org]
> </VirtualHost>

The domain part in your cookie needs to be the domain as the browser
sees it, not the hostname of your backend server.

Suppose you have www.mydomain.com, and this is proxied to
backendservers backend1.mydomain.com and backend2.mydomain.com.
The applications on the backend servers need to set cookies where
domain=www.mydomain.com. Would the application set a cookie with for
example "domain=backend1.mydomain.com" then the browser receives a
cookie for another machine than the one it thinks its connected too,
and ignores it.

When the backend application sends a valid cookie there is nothing you
need to do with it in the rewrite rules.

Another tip: Get yourself firefox with the "LiveHTTPHeaders" addon.
That way you can see what headers (incl cookies) your browser gets,
and what it sends back to the server upon the next request.

Krist

-- 
krist.vanbesien@gmail.com
Solothurn, Switzerland

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message