stackoom
  简体   繁体   中英

Modify header cookies for static assets on tomcat and proxied with apache httpd

 原文  2020-10-22 14:35:58       java/ apache/ header/ tomcat8/ httpd.conf

Question

We have a java servlet based application (very old code base), which is served with tomcat 8 with Apache httpd 2.4.43 and mod_proxy. Application has some static assets (CSS, CS, IMAGES) bundled with the java web application.

I am trying to modify the Header cookie for these assets by adding apache rule, but it seems, may be this is not working as the files are not within apache level ?

<FilesMatch ".(js|css)$">
Header edit Set-Cookie (.*) "$1;HttpOnly;Secure;SameSite=Strict"
</FilesMatch>

I tried adding the rule, without FilesMatch condition and it worked, but that's not what I need. Any thoughts on how to get this done on Apache level. Here is excerpt from the httpd conf

<VirtualHost *:443>

        DocumentRoot "/apps/httpd/htdocs1"
        ServerName www.mydomain.com
        ServerAlias mydomain.com

        RewriteEngine on
        RewriteCond %{REQUEST_URI}    ^/version$
        RewriteRule ^/.*$             /version.html  [R=301,L]

   
      RewriteCond %{HTTP_HOST} !^www\. [NC]
      RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=302,L]


   <Proxy balancer://${HOSTNAME}-http-cluster>

        Header add Set-Cookie "MYAPP_SESSION=jacplus.%{BALANCER_WORKER_ROUTE}e;path=/;"

              BalancerMember http://myhost-002:31080 min=1 max=1000 loadfactor=1 retry=1 timeout=240 route=myhost-002
              BalancerMember http://myhost-003:31080 min=1 max=1000 loadfactor=1 retry=1 timeout=240 route=myhost-003


   </Proxy>

   ProxyPass / balancer://${HOSTNAME}-http-cluster/ stickysession=MYAPP_SESSION  lbmethod=byrequests
   ProxyPassReverse / balancer://${HOSTNAME}-http-cluster/ stickysession=MYAPP_SESSION

   <Location /balancer-manager>
    SetHandler balancer-manager
    Order deny,allow
    Deny from all
    Allow from 10.25.0.0/16
   </Location>
...

</VirtualHost>

1 answers

solution1
 0  2020-10-31 22:10:06

From the apache documentation of mod_header :

Conditionally send MyHeader on the response if and only if header MyRequestHeader is present on the request. This is useful for constructing headers in response to some client stimulus. Note that this example requires the services of the mod_setenvif module.

 SetEnvIf MyRequestHeader myvalue HAVE_MyRequestHeader Header set MyHeader "%D %t mytext" env=HAVE_MyRequestHeader

From the documentation of rewrite flags

With the [E], or [env] flag, you can set the value of an environment variable. Note that some environment variables may be set after the rule is run, thus unsetting what you have set. See the Environment Variables document for more details on how Environment variables work.

Combining both, you may modify header conditionally when path match a js or css file :

RewriteRule ^.*\.(js|css)$ - [E=SET_COOKIE:true]
Header edit Set-Cookie (.*) "$1;HttpOnly;Secure;SameSite=Strict" env=SET_COOKIE

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Does Tomcat require Apache httpd? apache httpd and tomcat: call tomcat features? How do Apache httpd and Tomcat work together? Connection between Apache Httpd and Eclipse Tomcat (Windows 7) Apache.Httpd+Php or Apache.Tomcat+Java for large project Configure secured websockets using Apache httpd 2.4.6 and Tomcat 8 WebSocket connection interrupted when Apache HTTPD in front of Tomcat Apache httpd can't serve files generated by Tomcat spring mvc - Separating static content from jBoss (Apache httpd upfront) How do you programmatically configure static assets in Tomcat 8?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM