www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Siteminder/mod_proxy issues
Date Fri, 30 Aug 2002 10:50:07 GMT

You may want to move this to dev@httpd.apache.org - this sure sounds like
something in the core being the issue.

DW.

On Fri, 30 Aug 2002, Martijn Schoemaker wrote:

> Hi,
>
> Checked them and limits are set to 8Kb and looking at the header
> sizes they don't exceed that.
>
> I did some other testing however and I don't think we are going
> to like this...
>
> I put back an old libproxy.so from our (working) version shipped
> with apache 1.3.12 into apach 1.3.26. And when I sniff the whole
> kit'n kaboodle again I don't see the cookie duplication! If I put
> back the version of 1.3.26, I DO see cookie duplication!
>
> Does anybody know what might cause this ? I know siteminder depends
> on a patch which inserts an : ap_overlay_tables() statement which
> is already in the version of 1.3.26. Has something been changed in
> relation to passing headers to other modules ? Might this statement
> now causing headers to be added twice ?
>
> Cheers,
> Martijn Schoemaker
>
> Dirk-Willem van Gulik wrote:
>
> > Be aware that it *is* possible to get SM to produce a cookie sooooo big
> > that it hits the 1024 (or wathever) single MIME line length limit of
> > apache. See
> >
> >         LimitRequestLine (http_core.c)
> >         LimitRequestFieldsize (http_core.c)
> >
> > and friends for more info.
> >
> > Dw.
> >
> > On Thu, 29 Aug 2002, Martijn Schoemaker wrote:
> >
> > > Hi,
> > >
> > > We use SM 4.51 and not yet the QMR4 web-agent. Will install
> > > and try this out right away. In any case, this does not seem
> > > to be a mod_proxy problem anyway. I did some more checking
> > > and the browser problems are probably caused by the Set-Cookie
> > > headers which are set multiple times. Also, the Cookies them-
> > > selves for the user that works are smaller that the ones for
> > > the user that don't work and this prolly gives strange effects
> > > in IE (who whould have guessed ? :))
> > >
> > > Anyway, this seems more like a SM/Cookie/RFC issue and has no
> > > further relation with mod_proxy.
> > >
> > > Thanks all who replied for the input, and if insights change
> > > y'all will hear from me :)
> > >
> > > Greetings,
> > > Martijn Schoemaker
> > >
> > > P.S.: Does anyone know a browser-like test tool which handles
> > >       SSL and shows the actual data including headers ? I might
> > >       even build one myself, since debugging these issues is
> > >       now quite a pain in the *ss. I know there is an SSL ca-
> > >       pable wget, but it's pretty irritating with cookies etc.
> > >
> > > "Foust, Adam G." wrote:
> > >
> > > > We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder.
I have
> > > > not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61
> > > > with the QMR4 apache webagent. I've observed some strange URL rewriting
> > > > issues involved with multi-domain sign-on and using cookie providers,
but
> > > > nothing that can't be worked around.
> > > >
> > > > Our setup is basically apache reverse-proxies (mod_proxy) behind F5
> > > > load-balancers. The reverse-proxies chain through intermediate firewalls
> > > > through another (forward) mod_proxy to backend DMZ servers.
> > > >
> > > > I have been tracing HTTP headers and have not yet seen the behavior you
> > > > describe. Are you running SiteMinder 5.0?
> > > >
> > >
> > > --
> > > You have reached the end of the message.
> > > Press [t] to go to the top of this message, or [c] to close it.
> > >
> > >
> > >
> > >
>
> --
> You have reached the end of the message.
> Press [t] to go to the top of this message, or [c] to close it.
>
>
>


Mime
View raw message