[users@httpd] Apache 2.2 mod_headers: "RequestHeader edit" vs. environment variables

[Felix Almeida <Fe...@rci.rogers.com>]

Hello,

First of all, let me give you some context. The Apache 2.2's webpage
which describes mod_headers' "RequestHeader" directive says
(specifically for the "edit" action):

	RequestHeader edit header value replacement
[early|env=[!]variable]
	If this request header exists, its value is transformed
according to a regular expression search-and-replace. The value argument
is a regular expression, and the replacement is a replacement string,
which may contain backreferences. Both a value and a replacement are a
regular expression and a replacement string respectively.

That's fine, but I faced a situation in my production environment where
I had two JSESSIONIDs defined in the "Cookie" header (don't ask me why)
and this was confusing the load balancing algorithm
(mod_proxy_balancer). Without getting into too much details, what I had
to do was to clean up the "Cookie" header to leave there only the
JSESSIONID that I need. This is how I thought I could do that:

	SetEnvIf Cookie "JSESSIONID=([^;]+\.server.)" MYSESSIONID=$1
	RequestHeader edit Cookie "(^JSESSIONID=[^;]+; |;
JSESSIONID=[^;]+)" ""
	RequestHeader edit Cookie "(.*)" "$1;
JSESSIONID=%{MYSESSIONID}e" env=MYSESSIONID

The first two lines above work fine, but unfortunately the last one
doesn't because the "RequestHeader edit" directive cannot reference
environment variables in its replacement string (why?). :~(

If I understood correctly what the webpage mentioned above says, the
replacement string is just that (a fixed string) which may also contain
backreferences to groups in the value's regular expression, however,
since I was trying to append the content of an environment variable
there (in this case MYSESSIONID), I ended up with, for instance, the
following result (which is not what I wanted):

	Cookie: language=en;
JSESSIONID=KKb2Ry1NJTw8tWznLH2hLCkSTkq0nnyKwSys0MbSxLvymKb89Cgn!-2531024
50; customer_type=Residential; JSESSIONID=%{MYSESSIONID}e

I was looking for something like this:

	Cookie: language=en;
JSESSIONID=KKb2Ry1NJTw8tWznLH2hLCkSTkq0nnyKwSys0MbSxLvymKb89Cgn!-2531024
50; customer_type=Residential;
JSESSIONID=60685FA3BC4F0345196D00BFBFBFFC79.server2

Please, would it be possible to add this capability to the
"RequestHeader edit" directive so we would be able to use environments
variables inside the replacement string as well?

Thanks a lot!

PS: I'm running Apache 2.2.3 on RHEL 5.7


This e-mail (and attachment(s)) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this e-mail or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. E-mails are not secure and you are deemed to have accepted any risk if you communicate with us by e-mail. If received in error, please notify us immediately and delete the e-mail (and any attachments) from any computer or any storage medium without printing a copy.

Ce courriel (ainsi que ses pièces jointes) est confidentiel, exclusif, et peut faire l’objet de droit d’auteur et de privilège juridique; aucun droit connexe n’est exclu. Si vous n’êtes pas le destinataire visé ou son représentant, toute étude, diffusion, transmission ou copie de ce courriel en tout ou en partie, est strictement interdite et peut être illégale. Tous les messages peuvent être surveillés, selon les lois et règlements applicables et les politiques de protection de notre entreprise. Les courriels ne sont pas sécurisés et vous êtes réputés avoir accepté tous les risques qui y sont liés si vous choisissez de communiquer avec nous par ce moyen. Si vous avez reçu ce message par erreur, veuillez nous en aviser immédiatement et supprimer ce courriel (ainsi que toutes ses pièces jointes) de tout ordinateur ou support de données sans en imprimer une copie. 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Apache 2.2 mod_headers: "RequestHeader edit" vs. environment variables

[Felix Almeida <Fe...@rci.rogers.com>]

Done: Bug 55039
Thanks Eric. That's the kind of guidance I was looking for.

Just in case someone else is having the same issue, this is how I worked
around it:

	RequestHeader edit Cookie "(^JSESSIONID=[^;]*\![^;]*; |;
JSESSIONID=[^;]*\![^;]*)" ""

However it's based on the fact that the undesired JSESSIONID cookie
contains an exclamation mark in it (it's set by Weblogic). If that
changes I'm out of luck...


-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Friday, May 31, 2013 4:04 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache 2.2 mod_headers: "RequestHeader edit"
vs. environment variables

> The first two lines above work fine, but unfortunately the last one 
> doesn't because the "RequestHeader edit" directive cannot reference 
> environment variables in its replacement string (why?). :~(

These things are not just emergent. Someone has to ask for it. Someone
else has to implement, test, and review it.

I'd suggest opening an enhancement request in bugzilla.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


This e-mail (and attachment(s)) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this e-mail or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. E-mails are not secure and you are deemed to have accepted any risk if you communicate with us by e-mail. If received in error, please notify us immediately and delete the e-mail (and any attachments) from any computer or any storage medium without printing a copy.

Ce courriel (ainsi que ses pièces jointes) est confidentiel, exclusif, et peut faire l’objet de droit d’auteur et de privilège juridique; aucun droit connexe n’est exclu. Si vous n’êtes pas le destinataire visé ou son représentant, toute étude, diffusion, transmission ou copie de ce courriel en tout ou en partie, est strictement interdite et peut être illégale. Tous les messages peuvent être surveillés, selon les lois et règlements applicables et les politiques de protection de notre entreprise. Les courriels ne sont pas sécurisés et vous êtes réputés avoir accepté tous les risques qui y sont liés si vous choisissez de communiquer avec nous par ce moyen. Si vous avez reçu ce message par erreur, veuillez nous en aviser immédiatement et supprimer ce courriel (ainsi que toutes ses pièces jointes) de tout ordinateur ou support de données sans en imprimer une copie. 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache 2.2 mod_headers: "RequestHeader edit" vs. environment variables

[Eric Covener <co...@gmail.com>]

> The first two lines above work fine, but unfortunately the last one
> doesn't because the "RequestHeader edit" directive cannot reference
> environment variables in its replacement string (why?). :~(

These things are not just emergent. Someone has to ask for it. Someone
else has to implement, test, and review it.

I'd suggest opening an enhancement request in bugzilla.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org