httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From solprovi...@apache.org
Subject [users@httpd] Improve ProxyPassReverseDomain
Date Mon, 15 Oct 2007 12:40:50 GMT
I am trying to use ProxyPassReverseCookieDomain to reverse proxy a
server that uses Cookies without specifying DOMAIN.  Does anybody know
how?

---
[The rest of this post probably belongs on a dev ML.]

I found the code:
DOWNLOAD: httpd-2.2.6-win32-src-r2
FILE: modules/proxy/proxy_util.c
FUNCTION: ap_proxy_cookie_reverse_map()

The code works by matching strings.  There is no case for adding a
domain to the string when the incoming Set-Cookie header does not have
a DOMAIN parameter. ap_proxy_cookie_reverse_map() should be modified
to be useful when no domain and/or no path is given

--- Fixing ap_proxy_cookie_reverse_map()
According to the RFCs, DOMAIN and PATH are optional.  DOMAIN defaults
to the server name. PATH defaults to the request up to and including
the right-most /.

Cookie Domain and Path are filters so browsers only send the Cookies
to certain servers.  Domain is rewritten to include the proxy server
or to share the Cookie with the entire domain or subdomain.  Path is
rewritten to match the rewritten URL or to increase the scope by using
a shorter path.  These options are not used to make certain that
Cookies will not be returned.  Almost everybody would be satisfied if
the function just set the Domain to "domain.tld" (removing server
names and subdomains) and set the Path to "/".

BETTER SPECIFICATIONS:
ProxyPassReverseDomain uses one parameter -- the domain to put in
Cookies.  If multiple domains are listed, use last entry (for
backwards-compatibility.)  Matching is pointless -- most usecases use
shortest possible domain; the rest use the current server name.

Example:  myServer.mySubdomain.solprovider.com can only set Cookies for:
myServer.mySubdomain.solprovider.com
mySubdomain.solprovider.com
solprovider.com

Proxying Usecase: internalServer.solprovider.com =>
myServer.mySubdomain.solprovider.com
Sharing Usecase: myServer.mySubdomain.solprovider.com => solprovider.com

ProxyPassReversePath should replace beginning of path.  Better would
match configuration of RewriteRule since primary use of this statement
is to follow rewrites or proxy settings.

Example: Path=/dir1/dir2/dir3/
Sharing Usecase: May want to shorten PATH to one of:
Path=/
Path=/dir1/
Path=/dir1/dir2/
Proxying/Rewriting Usecase:  If /proxy1/* is proxied to another
server, then response may need one of:
PATH=/proxy1/dir1/dir2/dir3/
PATH=/proxy1/
PATH=/

Here is pseudocode:

ap_proxy_cookie_reverse_map(request, conf, oldHeaderValue){
   Read through oldHeaderValue{
      if(conf->domain) remove domain.
      if(conf->path) find, store, and remove path,
   }
   // ASSUME: newHeaderValue does not contain Domain.
   if(conf->path){
      If path was not found, set to path of current document.
      Compare ProxyPassReverseCookiePath strings with beginnning of
path.  Replace matched portion if found.
      newHeaderValue += newPath; //Watch semicolons
   }
   if(conf->domain) newHeaderValue += conf->domain;
   return newHeaderValue;
}

Regards,
solprovider

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message