Rewrite Apache session cookie to append 'expires' attribute - apache

I'm using Apache as a reverse proxy with forms authentication.
Using SessionMaxAge I can set the cookie to expire after 24 hours.
This renders the 'max-age' attribute into the cookie.
Unfortunately Internet Explorer only accepts the 'expires' attribute.
Is there a way to, for example, rewrite the cookie before sending it the client?
Thanks in advance.
Kind regards,
Kevin

Yes, it is possible to edit both request and response headers using the header directive in mod_headers
The best approach would probably be to use Header edit Set-Cookie ^(.*)$ $1;Expires..... However, mod_headers can't do the actual Expires sting itself (it doesn't know how to produce that date format), so you will have to actually put that inside the original cookie or another header, then grab it from there and put it into the Header directive. It's quite complicated, but it is possible.

Related

Add request-header key-value pair as a cookie

Good day,
I have a problem with converting a key-value pair within a request header into a cookie. The key-value pair is set in the header by a third-party custom apache module that I cannot access. It intercepts the request like so:
User requests www.my.domain.com/my-app/
Third-party module redirects to third-party site appends special_key=foo to the header of the original request.
Third-party redirects original request back to the original URL.
I want to then read the modified header in the now modified request and add the special_key=foo as a cookie.
How can this be accomplished?
I have tried to use the RewriteRule like so:
RewriteRule ^/apps/my-app/ - [CO=special_key:%{special_key}i:.my.domain.com:0:/:1:0]
In Javascript, the cookie's value is printed as cyin="i". Checking the cookie storage in firefox I see this value: cyin=i. Which is not correct.
I have also tried this method:
<FilesMatch "\.(html)$">
Header set Set-Cookie: "special_key=%{special_key}i; path=/; Domain=.my.domain.com; SameSite=Lax; Secure"
</FilesMatch>
In Javascript, the cookie's value is printed as cyin="i". Checking the cookie storage in firefox I see this value: cyin="i=96" or cyin="i=98". Which are not correct.
I can log the value of %{special_key}i, but I can't figure out how to get it into a cookie.
Perhaps the value isn't getting set by the time I want to put it in the cookie. Is there a way I can ensure that the value is set? Add one of these to my specific <LocationMatch "/apps/my-app/">?
Apologies if I've missed something obvious, I am still relatively new to using apache.
Thank you for any assistance.

Redirect and change the request method and content

I was reading the mod_rewrite documentation but haven't found an example to match the following scenario.
The use will try to use a GET request to /api/getCars.
On apache I need to change this request to POST method, to a different server, like https://internal_server/getAllCars, and I need to add some content on the body of this request and send it as x-www-form-urlencoded Content Type.
Which apache module do I have to use to achieve this behavior.
Can anybody provide any example?
Thanks

Apache-2.2 Set-Cookie on logic from a response header

I need to set a cookie based on a response header (as opposed to a request header). The response header is set by a SOAP call to a backend - and is out of apaches control.
I've looked into SetEnvIf, but it states that it investigate request headers only. mod_rewrite's {HTTP:parm} construct also seems to apply to request headers only.
Request coming in
Response header is generated by backend
Apache investigates respond header FooBar
Apache add Set-Cookie if the respond header FooBar value matches "string"
Any ideas out there?
It looks like this can be done with mod_headers, but unfortunately only with Apache 2.4, since expressions were only added in 2.4. You would do something like:
Header set Set-Cookie "cookie-contents-here" "expr=%{resp:Content-Type} =~ m|application/pdf|"
If you can't upgrade to 2.4, you might consider putting Varnish Cache in front of your Apache install. It's a powerful HTTP processor and can easily handle modifying the response for you. You could also implement caching with it and increase the performance of your site, but it can just be used as a pass-through HTTP processor if you don't want to do that. Perhaps there's a simpler solution but that would work.
Another option could be to put a layer in between Apache and your back-end, such as a PHP script, that handles passing the call to the back-end and modifying the headers on the way back out. Probably not great for performance though; upgrading Apache or implementing Varnish Cache would be better.
If you're using a separate back-end out of Apache's control, then you might take Apache out of the loop completely and go straight from Varnish Cache to your back-end.
Hope the ideas help.

How to add HTTP header to URL

I'm working with an API which provides a HTTP header called token with value 12abc3 and my url is https://example.com/view/quote. Is there a way by which I can add the header as a parameter in the url so that I can type it directly on my browser's address bar instead of using cURL orHurl.it??
The only way I can imagine being able to do this would be to write a small HTTP proxy that takes a specially formatted URL and extracts header values out of the URL and re-issues the request for you. I'm not aware of any service to do this automatically for you.
I think it's too late to reply but for those who still finding the solution
you can send your token through url like this
https://yoururl?Authorization=Bearer yourtokenhere

Forward custom header apache

Is it possible to forward custom http header when using redirect or rewrite on apache?
My use case is:
I am receiving a request from some.domain.com with custom http header custom-param.
I need to resend the request to another.domain.com and I need the custom header to be preserved.
How can I achieve this in Apache 2.2?
This is not possible with an arbitrary header, it would only be possible if you could settle for a cookie set against *.domain.com. Only a cookie would be re-sent after the redirect.