Attempt to spoof header (Shib-Cookie-Name) was detected

reda sabir sabiretude at gmail.com
Tue Oct 4 11:49:53 EDT 2016


>
> You haven't answered my question why you don't just have both vhosts point
> to the same resource


Yes I did. I can't do that because Liferay (the framework of the
protected application) uses the FQDN of the request to show the result. So
if I had just used a reverse proxy configuration instead of rewriting the URL,
it wouldn't work because portal.example.com is not developed in Liferay. So,
we have to fork the implementation and each time we change a site, we need
to do the same for the other, which is a lot of work and a bad idea too.

2016-10-04 17:40 GMT+02:00 Peter Schober <peter.schober at univie.ac.at>:

> * reda sabir <sabiretude at gmail.com> [2016-10-04 17:32]:
> > Of course, disabling protection from cookie theft is a very bad idea and
> > should be avoided. Another solution would be to have a list of exceptions
> > like 127.0.0.1. So is there any way to do that, or is it not developed
> > yet?
>
> You haven't answered my question why you don't just have both vhosts
> point to the same resource (DocumentRoot or script or whatever) without
> any proxying ("rewriting", in your own words).
> That's more efficient, easier to configure and does not artificially
> create cookie problems and weakened security as a result.
> -peter