Welcome! Log In Create A New Profile

Advanced

Re: Proxy domain rewrite using proxy_cookie_domain

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
February 15, 2016 08:08AM
Hello!

On Mon, Feb 15, 2016 at 01:29:01AM -0500, nitin wrote:

> Thanks for reply.
> In case client is just a browser then it will send all the cookies with NGIX
> domain which means that NGIX will send all the cookies to backend server
> irrespective of who initially set it in set-cookie header.. This could be a
> security issue then.

For sure - if you are using untrusted backend servers in your
domain this can be a security issue. Regardless of what nginx
does, actually - just Set-Cookie may be enough to be an issue.
Moreover, any javascript returned by a backend server will be able
to read all cookies as well.

Of course this should be considered when using multiple backend
servers within a single domain.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Proxy domain rewrite using proxy_cookie_domain

nitin February 12, 2016 02:22PM

Re: Proxy domain rewrite using proxy_cookie_domain

Maxim Dounin February 12, 2016 08:56PM

Re: Proxy domain rewrite using proxy_cookie_domain

nitin February 15, 2016 01:29AM

Re: Proxy domain rewrite using proxy_cookie_domain

Maxim Dounin February 15, 2016 08:08AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 314
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready