www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martijn Schoemaker <mart...@osp.nl>
Subject Re: Siteminder/mod_proxy issues
Date Fri, 30 Aug 2002 09:27:28 GMT
Hi,

Checked them and limits are set to 8Kb and looking at the header
sizes they don't exceed that.

I did some other testing however and I don't think we are going
to like this...

I put back an old libproxy.so from our (working) version shipped
with apache 1.3.12 into apach 1.3.26. And when I sniff the whole
kit'n kaboodle again I don't see the cookie duplication! If I put
back the version of 1.3.26, I DO see cookie duplication!

Does anybody know what might cause this ? I know siteminder depends
on a patch which inserts an : ap_overlay_tables() statement which
is already in the version of 1.3.26. Has something been changed in
relation to passing headers to other modules ? Might this statement
now causing headers to be added twice ?

Cheers,
Martijn Schoemaker

Dirk-Willem van Gulik wrote:

> Be aware that it *is* possible to get SM to produce a cookie sooooo big
> that it hits the 1024 (or wathever) single MIME line length limit of
> apache. See
>
>         LimitRequestLine (http_core.c)
>         LimitRequestFieldsize (http_core.c)
>
> and friends for more info.
>
> Dw.
>
> On Thu, 29 Aug 2002, Martijn Schoemaker wrote:
>
> > Hi,
> >
> > We use SM 4.51 and not yet the QMR4 web-agent. Will install
> > and try this out right away. In any case, this does not seem
> > to be a mod_proxy problem anyway. I did some more checking
> > and the browser problems are probably caused by the Set-Cookie
> > headers which are set multiple times. Also, the Cookies them-
> > selves for the user that works are smaller that the ones for
> > the user that don't work and this prolly gives strange effects
> > in IE (who whould have guessed ? :))
> >
> > Anyway, this seems more like a SM/Cookie/RFC issue and has no
> > further relation with mod_proxy.
> >
> > Thanks all who replied for the input, and if insights change
> > y'all will hear from me :)
> >
> > Greetings,
> > Martijn Schoemaker
> >
> > P.S.: Does anyone know a browser-like test tool which handles
> >       SSL and shows the actual data including headers ? I might
> >       even build one myself, since debugging these issues is
> >       now quite a pain in the *ss. I know there is an SSL ca-
> >       pable wget, but it's pretty irritating with cookies etc.
> >
> > "Foust, Adam G." wrote:
> >
> > > We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder. I have
> > > not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61
> > > with the QMR4 apache webagent. I've observed some strange URL rewriting
> > > issues involved with multi-domain sign-on and using cookie providers, but
> > > nothing that can't be worked around.
> > >
> > > Our setup is basically apache reverse-proxies (mod_proxy) behind F5
> > > load-balancers. The reverse-proxies chain through intermediate firewalls
> > > through another (forward) mod_proxy to backend DMZ servers.
> > >
> > > I have been tracing HTTP headers and have not yet seen the behavior you
> > > describe. Are you running SiteMinder 5.0?
> > >
> >
> > --
> > You have reached the end of the message.
> > Press [t] to go to the top of this message, or [c] to close it.
> >
> >
> >
> >

--
You have reached the end of the message.
Press [t] to go to the top of this message, or [c] to close it.



Mime
View raw message