httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From solprovi...@apache.org
Subject Re: [users@httpd] Setting cookies from proxied backend
Date Thu, 17 Jul 2008 15:20:53 GMT
On 7/17/08, jamanbo jamanbo <jamanbo@googlemail.com> wrote:
>  My question is Is it possible to set up an Apache proxy of another
>  server in such a way that the proxy is invisible, in terms of cookies
>  at least? I.e. when I visit my proxy I want cookies from the backend
>  to get set exactly as if I had visited the backend directly
>  (by-passing the proxy).
>
>  I've been using a test configuration which I will show below. I picked
>  two big sites to test on. They appear to have been lucky choices as
>  they seem to exhibit different behaviour.
>
>  In the first case, I proxy www.espn.go.com and it appears that (some)
>  cookies from that site get set when I visit my proxy.
>
>  However in the second case, when I proxy www.amazon.com and visit my
>  proxy, I don't see any cookies (although the headers do contain
>  Set-Cookies).
>
>  Can somebody tell me if I am trying to do something impossible. Will
>  browser security features prevent cookies for www.espn.go.com being
>  set when I visit localhost:3333/espn? Or is my set up just wrong?
>
>  This is the test config if you want to try it:
>
>  Listen 3333
>  <VirtualHost *:3333>
>   ServerName localhost
>   DocumentRoot /var/www/revoxy
>
>   ProxyPreserveHost On
>   <proxy>
>     Order deny,allow
>     Allow from all
>   </proxy>
>
>   # Cookies from espn get set
>   <LocationMatch /espn/>
>     ProxyPass http://www.espn.go.com/
>     ProxyPassReverse /
>     # ProxyPassReverseCookieDomain espn.go.com localhost
>   </LocationMatch>
>
>   # Cookies from amazon don't get set
>   <LocationMatch /amazon/>
>     ProxyPass http://www.amazon.com/
>     ProxyPassReverse /
>     # ProxyPassReverseCookieDomain amazon.com localhost
>   </LocationMatch>
>  </VirtualHost>
>
>  Desperatley awaiting your advice,
>  JMBO!

Cookies are set for the parent domain part of the server name.  The
Cookie for "espn.example.com" is set at ".example.com".

Cookies cannot be set at the TLD level. Default domain no-name servers
("example.com") cannot use Cookies because the Cookie would be set at
the ".com" TLD.  This may be the problem in your second example.

"localhost" should not work (although I have not tested lately).  You
should configure a server name for testing.  If httpd is responding to
all requests without virtual servers, you can configure the server
name in hosts (Windows) or resolv.conf (*nix).

I use the following in a virtual server configuration to proxy to an
application server firewalled from the Internet and runnng on port
8000 on the same hardware server.  I use RewriteRule instead of
ProxyPass to pass incoming requests to the application server.
        ProxyPassReverseCookieDomain 127.0.0.1 www.example.com
        ProxyPassReverse /       http://10.1.1.1:8000/
The application sends Cookies as 127.0.0.1.  The first line translates
the Cookies to be from www.example.com.  Browsers will save the Cookie
at the next level (".example.com") and send the Cookie with every
request to *.example.com.  A server name at the same level must be
specified.  Requests to "example.com" and
"server.subdomain.example.com" will not include the Cookie.

HTH,
solprovider

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message