Pound stripping cookie headers
Eric Pierce <epierce(at)usf.edu>
2004-12-15 14:59:50
I've been testing pound for a few weeks and I keep running into some
trouble.  I've got Squirrelmail running on three machines (2 RHE 3, 1
Solaris 9) with a Solaris 9 machine running pound.  I've modified
Squirrelmail to use MySQL sessions and the system works fine, most of
the time.  My problem is that some of the headers that pass back and
forth between the client and the backend servers get stripped out by
pound, which is breaking the user's session and locking them out of
Squirrelmail until they delete their cookies.  How can I get pound to
leave all data as it is and not strip out anything?

This is a typical log message when a user gets locked out:
Dec 15 08:25:25 roach.acomp.usf.edu pound: [ID 702911 daemon.warning]  
bad header from 68.200.68.225  
(e%20---------------------------- 
%20%0D%0ASubject%3A%20RE%3A%20Dr.%20Ann%20Fabian%20suggested%20we%20cont 
act%20you.%0D%0AFrom%3A%20%20%20%20%22Leah%20Dilworth%22%20%3CLeah.Dilwo 
rth(at)liu.edu%3E%0D%0ADate%3A%20%20%20%20Mon%2C%20December%2013%2C%202004% 
204%3A56%20pm%0D%0ATo%3A%20%20%20%20%20%20sbirchle(at)mail.usf.edu%0D%0A--- 
-----------------------------------------------------------------------% 
0D%0A%0D%0ADear%20Susan%20and%20Karen%2C%0D%0A%0D%0AThanks%20for%20your% 
20nice%20message.%0D%0A%0D%0AI%20might%20be%20interested%2C%20but%20may% 
20I%20see%20your%20abstracts%20and%20maybe%20a%20few%20words%20about%20t 
he%20scope%20of%20the%20panel%3F%0D%0A%0D%0AThere%27s%20something%20I%20 
worked%20on%20a%20while%20back%20and%20would%20like%20to%20return%20to%3 
A%20I%27m%20interested%20in%20the%20Cliff%20Dwellers%20as%20a%20sort%20o 
f%20trope%20at%20the%20turn%20of%20the%20twentieth%20century.%20It%20cro 
ps%20up%20in%20all%20kinds%20of%20place

My pound.cfg is:
ListenHTTPS 131.247.100.116,444 /usr/local/etc/mailbox.pem ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
LogLevel 3

UrlGroup ".*"
BackEnd 131.247.100.47,81,1
BackEnd 131.247.100.91,81,1
BackEnd 131.247.100.92,81,1
#Session COOKIE SQMSESSID 28800
Session IP 120
EndGroup


-Eric



########################################################
Eric Pierce, RHCE                  Phone: (813) 974-8868
Academic Computing                 Fax:   (813) 974-1799
University of South Florida        Email: epierce(at)usf.edu

Re: Pound stripping cookie headers
Robert Segall <roseg(at)apsis.ch>
2004-12-15 20:50:18
On Wednesday 15 December 2004 14.59, Eric Pierce wrote:[...]

Compile Pound with the unsafe option (./configure --enable-unsafe). This 
should allow your headers through.

I can't however guarantee that they would be long enough - for that you would 
have to modify the source manually (see MAXBUF in pound.h).[...]
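
An added example, not Pound's code and not something posted in this thread: a C check for the two limits the reply above names, a fixed-size header buffer and a test on the header's characters, run over constructed header lines modelled on the logged one. The MAXBUF value, the function and enum names, and the rule that flags percent-encoded CR/LF are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAXBUF 1024  /* assumed value for illustration; the real one is in pound.h */
enum hdr_verdict { HDR_OK, HDR_TOO_LONG, HDR_NO_COLON, HDR_BAD_NAME, HDR_RAW_CTL, HDR_ENC_CRLF };

/* Hypothetical helper: classify one header line (without its trailing CRLF). */
enum hdr_verdict check_header_line(const char *line)
{
    size_t len = strlen(line);
    const char *colon = strchr(line, ':'), *p;
    if (len >= MAXBUF)                 /* would not fit a MAXBUF-sized buffer */
        return HDR_TOO_LONG;
    if (colon == NULL || colon == line)
        return HDR_NO_COLON;
    for (p = line; p < colon; p++)     /* field name: visible ASCII, no spaces */
        if (!isgraph((unsigned char)*p))
            return HDR_BAD_NAME;
    for (p = colon + 1; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if ((c < 0x20 && c != '\t') || c == 0x7f)
            return HDR_RAW_CTL;        /* raw control byte in the value */
        if (c == '%' && p[1] == '0' && p[2] && strchr("DdAa", p[2]))
            return HDR_ENC_CRLF;       /* %0D or %0A: a CR/LF once decoded downstream */
    }
    return HDR_OK;
}

/* Constructed input: a Cookie header whose value is value_len bytes of 'a'. */
enum hdr_verdict check_cookie_of_size(size_t value_len)
{
    static char buf[4 * MAXBUF];
    size_t n = (size_t)snprintf(buf, sizeof buf, "Cookie: draft=");
    if (value_len > sizeof buf - n - 1)
        value_len = sizeof buf - n - 1;
    memset(buf + n, 'a', value_len);
    buf[n + value_len] = '\0';
    return check_header_line(buf);
}

int main(void)
{
    /* Constructed lines modelled on the logged header; not real traffic. */
    printf("%d\n", check_header_line("Cookie: SQMSESSID=abc123"));
    printf("%d\n", check_header_line("Cookie: draft=Dear%20Susan%0D%0ASubject%3A%20x"));
    printf("%d %d\n", check_cookie_of_size(500), check_cookie_of_size(2000));
    return 0;
}
```
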

Re: Pound stripping cookie headers
Eric Pierce <epierce(at)usf.edu>
2004-12-16 15:24:29
Thanks Robert,

Reconfiguring with --enable-unsafe and increasing MAXBUF seem to have  
resolved it.

-Eric

########################################################
Eric Pierce, RHCE                  Phone: (813) 974-8868
Academic Computing                 Fax:   (813) 974-1799
University of South Florida        Email: epierce(at)usf.edu

On Dec 15, 2004, at 2:50 PM, Robert Segall wrote:
[...][...][...]
