You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Ranjan, Rajiv" <Ra...@in.tesco.com> on 2005/07/18 13:50:17 UTC

RE: [users@httpd] Reverse proxing through apache where backend server users cookie authentication

Hi Boyle,

	I added CO flag to my rewrite rule and checked in the browser to see if the cookies were created. They were not.

I am sending you the conf snippet I am using. Can you please tell where am I going wrong in it?

<VirtualHost <apache server ip:port>>
	ServerName <apache server ip>
	ProxyVia on
	RewriteEngine on
	RewriteLog logs/rajiv_rewrite.log
	RewriteLogLevel 9
	Redirect / http://<apache server ip:port >/wps/portal
	RewriteRule ^/wps(.*) 			
		http://<my backend server ip and port>%{REQUEST_URI}
		 /http/<apache server ip:port>/wps/portal/$1 	[P,CO=JSESSIONID:%{HTTP_COOKIE}:<backend server domain, eg -		.dev01.tesco.org>,CO=LtpaToken:%{HTTP_COOKIE}:.dev01.tesco.org]
</VirtualHost>

_Rajiv

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: Monday, July 18, 2005 4:25 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Reverse proxing through apache where backend server users cookie authentication

Plain text please...

The cookie is probably in the response so gets to the browser, but then does not get back to teh server via the RewriteRule.

I think you might have to copy the cookie explicitly. Check http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html and look for "cookie" for details. Something like:

	[CO=name_of_cookie:%{HTTP_COOKIE}:your_domain]

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.


-----Original Message-----
From: Ranjan, Rajiv [mailto:Rajiv.Ranjan@in.tesco.com]
Sent: Montag, 18. Juli 2005 11:54
To: users@httpd.apache.org
Subject: [users@httpd] Reverse proxing through apache where backend server users cookie authentication


Hi Guys,
 
I am trying to use apache as my reverse proxy for my backend server which uses 
Cookie based authentication.
 
I am using mod_rewrite for the proxing part and am able to come till the login page.
But am unable to login to the system. 
I suspect that it has something to do with the cookies not being reverse proxied or something.
 
I am using Apache 2..0.54 on a windows XP system.
 
Can anyone please tell me what probably could be the issue with my configuration?
 
Regards,
Rajiv.
 


---- Disclaimer ----
This is a confidential email. Tesco may monitor and record all emails. The views expressed in this email are those of the sender and not Tesco. 
Tesco Stores Limited, Tesco House, Delamare Road, Cheshunt, Herts, EN8 9SL: company number 519500.
 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



-------------------Warning------------------------

This e-mail is from outside Tesco - check that it is genuine. Tesco may monitor and record all e-mails.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Reverse proxing through apache where backend server users cookie authentication

Posted by Krist van Besien <kr...@gmail.com>.

On 7/18/05, Ranjan, Rajiv <Ra...@in.tesco.com> wrote:
> Hi Boyle,
> 
>         I added CO flag to my rewrite rule and checked in the browser to see if the cookies were created. They were not.
> 
> I am sending you the conf snippet I am using. Can you please tell where am I going wrong in it?
> 
> <VirtualHost <apache server ip:port>>
>         ServerName <apache server ip>
>         ProxyVia on
>         RewriteEngine on
>         RewriteLog logs/rajiv_rewrite.log
>         RewriteLogLevel 9
>         Redirect / http://<apache server ip:port >/wps/portal
>         RewriteRule ^/wps(.*)
>                 http://<my backend server ip and port>%{REQUEST_URI}
>                  /http/<apache server ip:port>/wps/portal/$1    [P,CO=JSESSIONID:%{HTTP_COOKIE}:<backend server domain, eg -            .dev01.tesco.org>,CO=LtpaToken:%{HTTP_COOKIE}:.dev01.tesco.org]
> </VirtualHost>

The domain part in your cookie needs to be the domain as the browser
sees it, not the hostname of your backend server.

Suppose you have www.mydomain.com, and this is proxied to
backendservers backend1.mydomain.com and backend2.mydomain.com.
The applications on the backend servers need to set cookies where
domain=www.mydomain.com. Would the application set a cookie with for
example "domain=backend1.mydomain.com" then the browser receives a
cookie for another machine than the one it thinks its connected too,
and ignores it.

When the backend application sends a valid cookie there is nothing you
need to do with it in the rewrite rules.

Another tip: Get yourself firefox with the "LiveHTTPHeaders" addon.
That way you can see what headers (incl cookies) your browser gets,
and what it sends back to the server upon the next request.

Krist

-- 
krist.vanbesien@gmail.com
Solothurn, Switzerland

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org