Reverse Proxy Cookie Set and Read

Phanne · April 11, 2018, 10:55am

Have a website call a.com ,if you first time visit a.com .They read cookie “session_id”,if not equal ‘guest’ , then return http header "Host www.a.com"jump to they home url http://www.a.com, and set session_id=guest.

I tried to use header_upstream Cookie "session_id=guest",so i can reverse proxy they website.

seems everytings just fine,but when i login,it not gonna work.

because when you login success ,they will return a real session_id , but i can’t set-cookie session_id for real id.

even i can,but i hard-coded “session_id=guest” still not gonna work…

any help?

Whitestrake · April 12, 2018, 12:09am

Ahh, that sounds like a really tough problem to work around.

Spitballing, but perhaps instead of hard-coding the session_id cookie for each upstream request, you could set the cookie manually for any client that doesn’t have it and redirect them to your own site again, so they reconnnect with the cookie set to guest… That would get proxied upstream, site works as normal, and if the site overwrites the session_id it would still work just fine.

Phanne · April 12, 2018, 4:01am

First Thanks your reply.

I not really clear what you means. you mean if client didn’t have session_id then I set one for them?

but how can I know client have it or not:cold_sweat:

here is my caddy file.

http://t.mydomain.com {
#cors / {  
#    origin            http://reverse_domain.net
#    methods           POST,PUT
#    allow_credentials false
#    max_age           3600
#    allowed_headers   X-Custom-Header,X-Foobar
#    exposed_headers   X-Something-Special,SomethingElse
#}
gzip
proxy / http://reverse_domain.net {
header_upstream Host reverse_domain.net
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}
header_upstream -Referer
websocket
header_upstream Cookie "SESSION_ID=guest"
#header_downstream Set-Cookie "BBSESSID_ID={~BBSESSID_ID}"
#header_downstream Set-Cookie "lang=zh-cn"
#header_downstream Set-Cookie "page_site=first"
#header_downstream Set-Cookie "selected_page=first"
#header_downstream Set-Cookie "LOGINCHK={~LOGINCHK}"
#header_downstream Set-Cookie "SESSION_ID={~SESSION_ID}"
#header_downstream +Host t.mydomain.com
#except index-test.html index.html
}

#header =/ Cookie "SESSION_ID=guest"

root /www/
filter rule {
    content_type .*
    search_pattern "reverse_domain.net"
    replacement "t.mydomain.com"
}

}

have any syntax error?

upstream Host much be they domain.if we dont,we can’t access it.

If caddy can judge client have session_id or not，maybe I can set it manualy not hard-coding.

When mu friends ask me this questions, it really spoil my life:roll_eyes:

Whitestrake · April 12, 2018, 4:24am

Yep!

I was thinking it might look something like this:

# Find clients with no session ID
rewrite {
  # Cookies will resolve to an empty
  # string if they are empty or not set.
  if {~SESSION_ID} is ""
  to /add-session-id-header
}

# Hand out a session ID
header /add-session-id-header Set-Cookie "SESSION_ID=guest"

# Direct clients to reconnect again with new session ID
redir /add-session-id-header http://{host}

Once a client goes through this process once, I expect they will reconnect again with a fresh session ID and the site should function normally, so you can remove header_upstream Cookie "SESSION_ID=guest".

This would be much easier to achieve if conditional if statements could be applied to the header directive directly - the functionality for which is actually being developed here: 'if' statements for the HTTP Caddyfile by mholt · Pull Request #1948 · caddyserver/caddy · GitHub

Not that I could see over a quick glance (I hope you don’t mind that I edited your post to put your Caddyfile in code blocks for readability - you can put backticks ``` before and after your code in future to do the same).

Whitestrake · April 12, 2018, 4:35am

Actually, I wonder if this kind of approach might work, transparently to the client:

example.com {
  root /www
  gzip

  filter rule {
    content_type .*
    search_pattern "upstream.example"
    replacement "example.com"
  }

  # Funnel guest users to special proxy
  rewrite {
    if {~SESSION_ID} is ""
    to /proxy-guest{uri}
  }
  # Special proxy appends guest session ID
  proxy /proxy-guest http://upstream.example {
    transparent
    websocket
    header_upstream -Referer
    header_upstream +Cookie "SESSION_ID=guest"
    without /proxy-guest
  }
  # Regular proxy handles users with existing session IDs
  proxy / http://upstream.example {
    transparent
    websocket
    header_upstream -Referer
  }
}

Phanne · April 12, 2018, 7:07am

Really thank you,Whitestrake.

Your cadyfile looks awesome.Maybe worked,But I didnt try yet.

Use rewrite to judge it seems good.I naver tought that .I try it later.

Its clearly.

Another one Thanks,for edited code blocks .I tried to do that ,but I did’t know how to put it in block.

Now I see,Editor support Markdown syntax rignt?

Next time I will watch out. ahaha.

Phanne · April 13, 2018, 2:48am

HI,Whiteshrake

Use rewrite set-cookie is fantasy,it worked!But I got new situations.

Here is a new problem.

When I login,they will reponse an header,Set-Cookie like

Set-Cookie: SESSION_ID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=upstream.example; HttpOnly
Set-Cookie: SESSION_ID=79b9065a45630ccbb93b6f561fe6e58751423d5a; path=/; domain=upstream.example

Is Caddy can replace the domain to mine?

If we dont replce it , website will can not read session cookie.

I tried

header_downstream -Set-Cookie "domain=upstream.example"
header_downstream +Set-Cookie "domain="

Obviouly,It not gonna worked… That will make me loose all cookie and only have Cookie domain=

Can caddy handle this situations?

Updated:
@Whitestrake

Maybe I can use placeholder,Trying…

  proxy /login http://upstream.example {
    header_upstream Host upstream.example
    header_upstream X-Real-IP {remote}
    header_upstream X-Forwarded-For {remote}
    header_upstream X-Forwarded-Proto {scheme}
    websocket
    header_upstream -Referer
    header_upstream -Server
    header_upstream +Cookie "SESSION_ID=guest"
    header_downstream +Set-Cookie "SESSION_ID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; HttpOnly"
    header_downstream +Set-Cookie "SESSION_ID={~SESSION_ID}; path=/; domain="
    header_downstream +Set-Cookie "LOGINCHK=Y; path=/; domain="
  }

Got

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 13 Apr 2018 03:31:30 GMT
Server: Caddy
Server: Caddy
Server: Apache
Set-Cookie: SESSION_ID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=upstream.example; HttpOnly
Set-Cookie: SESSION_ID=9c2040fec04e63db79f8fb0f09b19b1232e7d437; path=/; domain=upstream.example
Set-Cookie: LOGINCHK=Y; path=/; domain=upstream.example
Set-Cookie: SESSION_ID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; HttpOnly
Set-Cookie: SESSION_ID=guest; path=/; domain=
Set-Cookie: LOGINCHK=Y; path=/; domain=

ahahaha,break down…

Three Server，Double Set-Cookie.

Seems placeholder can not read value?THX

I read Documents, https://caddyserver.com/docs/placeholders

Response Placeholders seems not support Cookie…

SO how can I do that,is still have another way?

system · July 12, 2018, 2:48am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.