Welcome! Log In Create A New Profile

Advanced

Hide a request cookie in proxy_pass

August 29, 2014 11:55AM
Hi,

is it possible to hide one request cookie (but not all, so proxy_set_header Cookie "" is not the way) when proxying to an upstream server?

The use case is:

* website foo.com uses a hosted service on a subdomain, e.g. blog.foo.com hosted by Wordpress.com

* horror: MSIE will send all foo.com cookies to the subdomain too, leaking sessions (not just to Wordpress.com but to everyone because blog.foo.com does not support HTTPS), and there's no way to tell it not to

* proposed workaround: serve blog.foo.com yourself, using Nginx, HTTPS-only, proxying to the hosted service (as foo.wordpress.com, which does support HTTPS), and stripping out the parent-domain request cookies

Is there a way to do this with Nginx? A way to rewrite the Cookie header to strip out selected cookies?

Or is the only way out of this to avoid the subdomain cookie situation altogether, either by running www.foo.com instead of foo.com, or by abandoning the subdomain and using e.g. foo.com/blog/ instead?

Thanks,

Gulli
Subject Author Posted

Hide a request cookie in proxy_pass

gthb August 29, 2014 11:55AM

Re: Hide a request cookie in proxy_pass

Maxim Dounin August 29, 2014 01:28PM

Re: Hide a request cookie in proxy_pass

gthb September 02, 2014 06:16AM

Re: Hide a request cookie in proxy_pass

jwal November 14, 2016 06:14PM

Re: Hide a request cookie in proxy_pass

jwal November 14, 2016 06:16PM

Re: Hide a request cookie in proxy_pass

AntoUX November 29, 2017 11:49AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready