Can Apache clean cookies from a request to specific URLs?
Perhaps you could try to use mod_headers
and:
RequestHeader unset Cookie
All credits goes to stackoverflow dudes: https://stackoverflow.com/questions/1798431/how-to-remove-a-cookie-in-apache
Michael
My name is Michael. I am the Lead Security Architect and is responsible for the security and Security Development Lifecycle (SDL) of software products. I have been very passionate about ensuring application security for over 13 years already and evangelizes about application security at various conferences (including OWASP conferences) and security meetups https://ultimatesecurity.pro/. Do not forget to follow me on Twitter @ultimatesecpro
Updated on September 18, 2022Comments
-
Michael almost 2 years
We have the following configuration:
<Directory /docs> AuthFormAuthoritative Off AuthType None Allow from all Satisfy any Options FollowSymLinks </Directory>
Problem: I do not want any cookie will be send to the Apache directory with documents (URLs started with
/docs
) even a user visit first a main site that requires the authentication.Is it possible to do with Apache? What configuration should I add?