In Traefik 2.6 it is possible to choose which HTTP headers are logged. Is it also possible to log a specific cookie value as with Apache and NGINX?
My setup is as follows:
client -> proxy(dnsname eg. https://test.com) -> Jetty webapp(1.2.3.4)
The webapp sends a redirect response back (to an authentication webapp) to the client. It automatically points to the proxy via DNS name, e.g. https://proxy/auth, and cannot be configured further.
The issue with this is that the webapp will pass redirects back to the client, and the client cannot resolve https://proxy as I can't make it a DNS entry. Is it then possible for the proxy to intercept the traffic from the webapp (https://proxy) and change it to https://test.com? Even better, can the proxy autodetect the entry DNS name and append it to any responses from the webapp?
I'd envisioned the following:
client request https://test.com/page1 -> hits proxy which resolves to webapp -> webapp gives redirect response via https://proxy/auth -> proxy intercepts and changes redirect to https://test.com/auth
I need this so that everything behind the proxy isn't machine- or IP-specific. I can shift and deploy to any environment.
I figured this out eventually. You can just modify the redirect headers in the location field.
Header edit Location "(^http[s]?://proxy)" "https://whatevernameyouwant"
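Added example, not part of the original answer: a Python emulation of what the Header edit rule above does to constructed Location values, next to a host-anchored variant of the pattern. The anchored pattern, the sample values and the helper names are assumptions made here, and Python's re module stands in for httpd's regex engine.

```python
import re

# Pattern exactly as posted in the answer above.
ANSWER_PATTERN = r"(^http[s]?://proxy)"
# Assumed variant: optional internal port, then the host must end
# at '/', '?', '#' or end of string.
ANCHORED_PATTERN = r"^https?://proxy(?::\d+)?(?=[/?#]|$)"
PUBLIC_ORIGIN = "https://test.com"  # public name used in the question


def header_edit(value, pattern, replacement):
    """Emulate mod_headers `Header edit`: replace the first match only."""
    return re.sub(pattern, replacement, value, count=1)


# Constructed Location header values a backend might emit.
SAMPLES = [
    "https://proxy/auth",
    "http://proxy/auth?next=/page1",
    "https://proxy:8443/auth",
    "https://proxy.internal.example/auth",
    "https://proxy2/auth",
    "/auth",
]


def compare(samples=SAMPLES):
    """Return (original, answer-pattern result, anchored result) rows."""
    return [
        (s,
         header_edit(s, ANSWER_PATTERN, PUBLIC_ORIGIN),
         header_edit(s, ANCHORED_PATTERN, PUBLIC_ORIGIN))
        for s in samples
    ]


if __name__ == "__main__":
    for original, posted, anchored in compare():
        print(f"{original:40} posted={posted:42} anchored={anchored}")
```

The posted pattern is a prefix match, so hosts that merely start with "proxy" are rewritten too and an internal port is carried into the public URL; the anchored variant leaves those other hosts untouched and drops the port.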
I have a myapp.war deployed on my Wildfly 10.1.0 server. All HTTP requests are redirected to HTTPS using port 8443.
Is there a configuration in Wildfly to make an exception for a specific URL?
For example I'd like that http://localhost:8080/myapp/unprotected doesn't redirect to https://localhost:8443/myapp/unprotected.
Thanks,
You specify security constraints as described in The Java EE 6 Tutorial, Volume I.
One for the protected and one for the unprotected resources. For the latter you omit the user-data-constraint.
I am not quite clear on whether the Kestrel server needs to be encrypted as a localhost server.
I use Apache with HTTPS as the proxy server for the Kestrel server. Is it required to run HTTPS in Kestrel as well? In theory, what passes through the Apache proxy server (HTTPS enabled) should be encrypted, right?
Please shed some light if you have any ideas.
No, you don't have to encrypt the traffic between Apache and Kestrel. Apache (or nginx or IIS) will be the SSL termination point.
However, what you need to make sure is:
- that Apache correctly sets the forwarded headers (x-forwarded-* headers)
- Kestrel is correctly configured to use these headers (UseIISIntegration already does that) or register the app.UseForwardedHeaders(); middleware which also registers them
Without either one, your requests will fail if the controllers/actions are marked with the [RequireHttps] attribute.
My Apache Tomcat is running behind an Apache httpd web server connected via mod_jk.
When a browser requests an HTTPS page (rather than HTTP) as its first session request, Tomcat sends a session cookie with the secure flag, which makes the user's logged-in session unavailable for HTTP pages later.
How can I remove the session cookies' secure flag using mod_headers?
I already tried to add an option into web.xml like below.
<session-config>
  <cookie-config>
    <secure>false</secure>
  </cookie-config>
</session-config>
However, it doesn't work. I guess this option doesn't make the servlet request not secure, and Tomcat will put the secure flag on session cookies unless both the context's session config and the servlet request are not secure.
Here is my own solution added to httpd-vhost.conf for now:
Header edit* Set-Cookie "(JSESSIONID=.*)(; Secure)" "$1"
I set up Squid with "HTTPS/SSL Interception" in pfSense and installed the CA for all clients. Now it can log all the HTTPS requests to the access.log file. But it can only log the URLs of HTTPS requests; I want to know if it can log the web content of the request and response. Thanks.
You can refer to the Squid logformat directive. It controls the log format, and if something you want is not available there, you can apply a patch.
http://www.squid-cache.org/Doc/config/logformat/