www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Siteminder/mod_proxy issues
Date Thu, 29 Aug 2002 17:53:15 GMT

Be aware that it *is* possible to get SM to produce a cookie sooooo big
that it hits the 1024 (or wathever) single MIME line length limit of
apache. See

	LimitRequestLine (http_core.c)
	LimitRequestFieldsize (http_core.c)

and friends for more info.

Dw.

On Thu, 29 Aug 2002, Martijn Schoemaker wrote:

> Hi,
>
> We use SM 4.51 and not yet the QMR4 web-agent. Will install
> and try this out right away. In any case, this does not seem
> to be a mod_proxy problem anyway. I did some more checking
> and the browser problems are probably caused by the Set-Cookie
> headers which are set multiple times. Also, the Cookies them-
> selves for the user that works are smaller that the ones for
> the user that don't work and this prolly gives strange effects
> in IE (who whould have guessed ? :))
>
> Anyway, this seems more like a SM/Cookie/RFC issue and has no
> further relation with mod_proxy.
>
> Thanks all who replied for the input, and if insights change
> y'all will hear from me :)
>
> Greetings,
> Martijn Schoemaker
>
> P.S.: Does anyone know a browser-like test tool which handles
>       SSL and shows the actual data including headers ? I might
>       even build one myself, since debugging these issues is
>       now quite a pain in the *ss. I know there is an SSL ca-
>       pable wget, but it's pretty irritating with cookies etc.
>
> "Foust, Adam G." wrote:
>
> > We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder. I have
> > not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61
> > with the QMR4 apache webagent. I've observed some strange URL rewriting
> > issues involved with multi-domain sign-on and using cookie providers, but
> > nothing that can't be worked around.
> >
> > Our setup is basically apache reverse-proxies (mod_proxy) behind F5
> > load-balancers. The reverse-proxies chain through intermediate firewalls
> > through another (forward) mod_proxy to backend DMZ servers.
> >
> > I have been tracing HTTP headers and have not yet seen the behavior you
> > describe. Are you running SiteMinder 5.0?
> >
>
> --
> You have reached the end of the message.
> Press [t] to go to the top of this message, or [c] to close it.
>
>
>
>


Mime
View raw message