Description of Problem: mod_proxy multiple-cookie is broken for ProxyPass Version-Release number of selected component (if applicable): 1.3.23 and possibly earlier, but not tested http://www.apache.org/dist/httpd/CHANGES_1.3 multiple proxy fixes post 1.3.24 patch for another proxy issue http://www.apache.org/dist/httpd/patches/apply_to_1.3.24/proxy_http1.1_chunking.patch How Reproducible: always Steps to Reproduce: 1. something like the following LoadModule proxy_module modules/mod_proxy.so ProxyPass /images/ http://images.pricegrabber.com/images/ Actual Results: Only the first cookie is passed Expected Results: All cookies passed Additional Information: see apache changelog
After security update: ==> error_log <== [Sun Jun 23 13:01:02 2002] [error] mod_ssl: Init: (myserver.pricegrabber.com:80) Unable to create SSL Proxy context (OpenSSL library error follows) [Sun Jun 23 13:01:02 2002] [error] OpenSSL: error:140A90A1:lib(20):func(169):reason(161) When both SSL and proxy are used together You can use one or the other, but not both also FYI, with php 4.2.1 , mod_SSL must be loaded before mod_PHP
mod_proxy is broken in v1.3.23 and v1.3.24. The solution is for Redhat to either release apache v1.3.26 officially, or to apply the proxy fixes committed between .23 and .26 to whatever version Redhat wants to release.
The bug in mod_proxy is infuriating, this was clearly the fault of the apache team at the time, but I have gone back to the security patched 1.3.22 version for RH7.2 on my RH7.3 box.
Currently the bugs in mod_proxy have long since been fixed in v1.3.26, which was released on 18 June. From that time it became the responsibility of Redhat to ensure the relevant fixes were released to their users. As at 3 September (2 1/2 months later) nothing has been done, in fact the status on this bug is still set to NEW. When is Redhat going to do something about this? It is a real pain.
Gah, I second the previous commentor. This makes RedHat's current Apache package useless as a front-end server to a mod_perl backend, which isn't all that uncommon a use for Apache.
I'd be nice to get current apache , mod_ssl , and php updates for RH 7.x and RH AS 2.1 . I plan on getting RH AS , but not keeping up with apache 1.3 would be a deal breaker. :(
This should be fixed in the upgrade to Apache 1.3.27 in the latest security errata: https://rhn.redhat.com/errata/RHSA-2002-222.html
Yep, it was. I had almost forgotten about this as I had "rolled my own" updated rpms Thanks,