www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Foust, Adam G." <agfo...@tva.gov>
Subject RE: Siteminder/mod_proxy issues
Date Thu, 29 Aug 2002 12:44:45 GMT
> Does anyone know a browser-like test tool which handles
> SSL and shows the actual data including headers ? I might
> even build one myself, since debugging these issues is
> now quite a pain in the *ss. I know there is an SSL ca-
> pable wget, but it's pretty irritating with cookies etc.

I ran into exactly this problem. I believe you would either
have to capture the SSL traffic at the application level on
the server or client, before or after it's encrypted/
decrypted; sniffers and intermediate proxies cannot decode
SSL. This is by design.

I use a commercial tool called TracePlus/WebDetective for
Windows platform.
http://www.sstinc.com/home_winsock.html
It's shareware (costs about $200 US to register) and is a
very good tool. There may be others, but I haven't found
any. It intercepts the traffic at the desktop level before
it's encrypted and will capture the headers and data flow
for any winsock-based application, not just browsers (e.g.
this works for Mozilla, IE, Acrobat, etc).

My main workstation platform is Linux, but the majority of
our end users are Win32 IE 5 and 6, so I run the TracePlus
tool on a diagnostic Windows laptop. It would be very nice
to discover a way to do this sort of SSL sniffing in a
cross-platform manner (Linux, Solaris, HP/UX, etc).


-----Original Message-----
From: Martijn Schoemaker [mailto:martijn@osp.nl] 
Sent: Thursday, August 29, 2002 7:28 AM
To: modproxy-dev@apache.org
Subject: Re: Siteminder/mod_proxy issues

Hi,

We use SM 4.51 and not yet the QMR4 web-agent. Will install
and try this out right away. In any case, this does not seem
to be a mod_proxy problem anyway. I did some more checking
and the browser problems are probably caused by the Set-Cookie
headers which are set multiple times. Also, the Cookies them-
selves for the user that works are smaller that the ones for
the user that don't work and this prolly gives strange effects
in IE (who whould have guessed ? :))

Anyway, this seems more like a SM/Cookie/RFC issue and has no
further relation with mod_proxy.

Thanks all who replied for the input, and if insights change
y'all will hear from me :)

Greetings,
Martijn Schoemaker

P.S.: Does anyone know a browser-like test tool which handles
      SSL and shows the actual data including headers ? I might
      even build one myself, since debugging these issues is
      now quite a pain in the *ss. I know there is an SSL ca-
      pable wget, but it's pretty irritating with cookies etc.

"Foust, Adam G." wrote:

> We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder. I
have
> not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61
> with the QMR4 apache webagent. I've observed some strange URL rewriting
> issues involved with multi-domain sign-on and using cookie providers, but
> nothing that can't be worked around.
>
> Our setup is basically apache reverse-proxies (mod_proxy) behind F5
> load-balancers. The reverse-proxies chain through intermediate firewalls
> through another (forward) mod_proxy to backend DMZ servers.
>
> I have been tracing HTTP headers and have not yet seen the behavior you
> describe. Are you running SiteMinder 5.0?
>

--
You have reached the end of the message.
Press [t] to go to the top of this message, or [c] to close it.




Mime
View raw message