You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by pt...@intec.ugent.be on 2009/04/01 14:02:06 UTC

[users@httpd] Rewriting Response header from proxied server with Apache 2.0

Hello,

I'm setting up an Apache reverse proxy (for Apache 2.0.52 on RHEL4) and am
struggling with the following problem:

when mapping http://proxy/remote/ to http://remote/, I have been able to
replace all references to server remote using ProxyPass, ProxyPassReverse
and mod_proxy_html module to rewrite URLs in the HTML content.

However, the proxied application has "login" functionality and thus sets a
cookie.

While I have been working on the revrese proxy setup for the last couple
of days, I believe I'm now stuck: the proxied app is generating cookies
with domain "remote", which I want to replace with domain "proxy" so that
the client's browser will send the crorect cookie after logging in (as
opposed to being redirected to the login screen every time...).

I have googled and found content filters mod_substitute, mod_sed,
mod_ext_filter but these only change content, not response headers. I've
noticed that Apache 2.2 mod_proxy has directives to deal with cookie
domain and path - but I have Apache 20.!

Similarly, mod_headers has a "Header edit" command - but only for Apache 2.2!

So my question is: Using Apache 2.0 as a reverse proxy, how can I edit
(i.e. perform a substitution) on a response header (Set-Cookie in my case)
returned by a proxied server?

I'm thinking of something which can
1. save the contents of a response header to an environment variable
2. filter the variable
3. unset and rewrite response header using variable contents

But I'm not sure if mod_rewrite is suited to manipulations based on
RESPONSE headers (it does not seem to be).

Does anyone know of a workaround to change cookie domaisn and paths in an
Apache 2.0 reverse proxy?

Thanks,
Pieter



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Rewriting Response header from proxied server with Apache 2.0

Posted by André Warnier <aw...@ice-sa.com>.

pthyseba@intec.ugent.be wrote:
[...]
> So my question boils down to: what is a valid Apache 2.0 workaround for
> the functionality offered by proxypassreversecookiedomain and
> proxypassreversecookiepath, given that I cannot upgrade to Apache 2.2 and
> cannot modify the proxied server (e.g. change anything about the generated
> cookies) ?
> 
It seems that once again, the much-maligned language named perl, and its 
much underestimated mod_perl module, could be of help.
Do you know perl ?
Is installing mod_perl on the proxy an option ?

Now I must add, the question is, if mod_perl would be an option, then 
why would upgrading the Apache 2.0 to 2.2 not be one ?
All being considered, it's probably easier than adding mod_perl to the 
existing server.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Rewriting Response header from proxied server with Apache 2.0

Posted by Nick Kew <ni...@webthing.com>.

On 1 Apr 2009, at 15:39, pthyseba@intec.ugent.be wrote:
>
> Yes I have: it's for Apache 2.2 and does not have an equivalent in  
> Apache
> 2.0 it seems.

Somewhere in bugzilla (issues.apache.org) there's a patch for 2.0.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Rewriting Response header from proxied server with Apache 2.0

Posted by pt...@intec.ugent.be.

> On Wed, Apr 1, 2009 at 2:02 PM,  <pt...@intec.ugent.be> wrote:
>
>> However, the proxied application has "login" functionality and thus sets
>> a
>> cookie.
>>
>> While I have been working on the revrese proxy setup for the last couple
>> of days, I believe I'm now stuck: the proxied app is generating cookies
>> with domain "remote", which I want to replace with domain "proxy" so
>> that
>> the client's browser will send the crorect cookie after logging in (as
>> opposed to being redirected to the login screen every time...).
>
> Have you looked at
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain
>
> Krist


Hello Krist,


Yes I have: it's for Apache 2.2 and does not have an equivalent in Apache
2.0 it seems.

So my question boils down to: what is a valid Apache 2.0 workaround for
the functionality offered by proxypassreversecookiedomain and
proxypassreversecookiepath, given that I cannot upgrade to Apache 2.2 and
cannot modify the proxied server (e.g. change anything about the generated
cookies) ?


Kind regards,
Pieter
>
>
>
> --
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Rewriting Response header from proxied server with Apache 2.0

Posted by Tom Evans <te...@googlemail.com>.

On Wed, 2009-04-01 at 16:03 +0200, Krist van Besien wrote:
> On Wed, Apr 1, 2009 at 2:02 PM,  <pt...@intec.ugent.be> wrote:
> 
> > However, the proxied application has "login" functionality and thus sets a
> > cookie.
> >
> > While I have been working on the revrese proxy setup for the last couple
> > of days, I believe I'm now stuck: the proxied app is generating cookies
> > with domain "remote", which I want to replace with domain "proxy" so that
> > the client's browser will send the crorect cookie after logging in (as
> > opposed to being redirected to the login screen every time...).
> 
> Have you looked at
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain
> 
> Krist

OP specified he wants to do this on 2.0, which doesn't have
ProxyPassReverseCookieDomain.

As I see it, there are two solutions:
1) Use 2.2. It is what 2.0 was supposed to be anyways..
2) Get the backend server to generate the correct content for the
correct hostname. If you configure the proxy with ProxyPreserveHost, and
then configure the backend system to respond to that host name. Then, no
rewriting is required and everything will just work.

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Rewriting Response header from proxied server with Apache 2.0

Posted by Krist van Besien <kr...@gmail.com>.

On Wed, Apr 1, 2009 at 2:02 PM,  <pt...@intec.ugent.be> wrote:

> However, the proxied application has "login" functionality and thus sets a
> cookie.
>
> While I have been working on the revrese proxy setup for the last couple
> of days, I believe I'm now stuck: the proxied app is generating cookies
> with domain "remote", which I want to replace with domain "proxy" so that
> the client's browser will send the crorect cookie after logging in (as
> opposed to being redirected to the login screen every time...).

Have you looked at
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain

Krist



-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org