Apache reverse proxy - ProxyPassReverseCookieDomain not seeming to work
11,720
The ProxyPassReverseCookieDomain
directive has syntax:
ProxyPassReverseCookieDomain internal-domain public-domain [interpolate]
Just like in this example for ProxyPassReverse
, the order is reversed (back-end first):
ProxyPass "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverse "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverseCookieDomain "backend.example.com" "public.example.com"
ProxyPassReverseCookiePath "/" "/mirror/foo"
Related videos on Youtube
Author by
mminnie
Updated on September 18, 2022Comments
-
mminnie over 1 year
I can't seem to get the Apache directive
ProxyPassReverseCookieDomain
to actually rewrite the domain.My directive is set as such:
ProxyPassReverseCookieDomain "myinternalproxydomain.com" "thepublicdomain.com"
I use the Network tab in a browser and I can see the
Set-Cookie
domain is not being altered. I see the Set-Cookie domain as eitherthepublicdomain.com
or.thepublicdomain.com
. I have tried addingProxyPassReverseCookieDomain "myinternalproxydomain.com" ".thepublicdomain.com"
I have searched and read the documentation, however I am failing to see why the domain of the cookie is not being set.
<VirtualHost *:443> DocumentRoot /var/www/myinternalproxydomain.com ServerName myinternalproxydomain.com SSLEngine on SSLCertificateFile /etc/ssl/certs/my.crt SSLCertificateKeyFile /etc/ssl/private/my.key SSLCACertificateFile /etc/ssl/certs/my.ca-bundle SSLProxyEngine On ProxyRequests Off ProxyHTMLEnable On ProxyPreserveHost Off ProxyHTMLInterp On ProxyHTMLExtended On SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off ProxyPass "/" "https://thepublicdomain.com/" ProxyPassReverse / https://thepublicdomain.com/ ProxyPassReverseCookiePath / / ProxyPassReverseCookieDomain "myinternalproxydomain.com" "thepublicdomain.com" ProxyPassReverseCookieDomain "myinternalproxydomain.com" "thepublicdomain.com" ProxyPassReverseCookieDomain "myinternalproxydomain.com" ".thepublicdomain.com" DirectorySlash On ProxyHTMLURLMap "https://thepublicdomain.com" "/" <Proxy *> AddDefaultCharset off Order deny,allow Deny from all Allow from all DirectorySlash On </Proxy> <Location /> ProxyHTMLEnable On ProxyPassReverse "/" ProxyPassReverseCookieDomain "myinternalproxydomain.com" "thepublicdomain.com" ProxyPassReverseCookieDomain "myinternalproxydomain.com" ".thepublicdomain.com" ProxyHTMLURLMap https://thepublicdomain.com / RequestHeader unset Accept-Encoding </Location> <Directory "/var/www/myinternalproxydomain.com"> AllowOverride All Order allow,deny allow from all Options FollowSymLinks </Directory> </VirtualHost>
Can anyone enlighten me on where I should look to debug this issue?
-
mminnie almost 6 yearsMy example server domains maybe weren't clear in my question (now edited). I have the correct order of the ProxyPassReverseCookieDomain.
-
Esa Jokinen almost 6 yearsCould you share the whole
VirtualHost
block, please. -
mminnie almost 6 yearsEdited original question to include entire VirtualHost block
-
Esa Jokinen almost 6 yearsNow read my answer again. You currently have the backend last while it should be first.
-
Esa Jokinen almost 6 yearsAlso, remove all the noise. You set same directives multiple times. That way you'll never know what did what.
-
mminnie almost 6 yearsI believe the backend
myinternalproxydomain.com
is first. I renamed the servers in my example to be more clear. I look at theNetwork
tab in Google Chrome DevTools and see the domain is unchanged for theSetCookie
-
Esa Jokinen almost 6 yearsRename it as many times as you want, but if it comes second in
ProxyPass
it should be first inProxyPassReverseCookieDomain
. Have you even once tested with my solution? -
mminnie almost 6 yearsThanks for the help Esa. The order didn't change the cookie until I cleaned up and remove the "noise". Once I removed the unnecessary duplicate directives the
ProxyPassReverseCookieDomain
began to work...on at least one of the two cookies. One cookie has the domain.public.com
and the other haspublic.com
. The one with the leading.
changed and the other did not. My proxy now appears to work regardless of the domain of the unchanged cookie. Thanks for the patience.