Setting method of cookie domain when IIS implements reverse proxy

Time:2020-1-10

Reverse proxy

Is Shenma a reverse agent? It refers to that the proxy server accepts the connection request on the Internet, then forwards the request to the server on the internal network, and returns the result obtained from the server to the client requesting the connection on the Internet. At this time, the proxy server acts as a server externally. We can use reverse proxy to achieve load balancing, break through firewall restrictions and other very practical web server functions. At present, reverse proxy is widely used in both private and public cloud virtual machines.

Quote

IIS can realize reverse proxy through URL rewriting and forward requests to other internal sites through simple configuration.

At this time, the domain of cookies of all sites being proxied will be automatically set as the domain of sites providing reverse proxy function, which is generally no problem. But there are problems when sharing cookies across multiple sites.

For example, there is an external domain name proxy.firelysoft.net, which points to a site providing reverse proxy; then there is a domain name pay.firelysoft.net, which points to an independent IIS site to provide payment services; then proxy.firelysoft.net/mall provides mall services, where users need to jump to pay.firelysoft.net to pay after placing an order;

In order to realize the user state sharing between these two sites, we hope that they can share the sessionid. This value is saved in the cookie, so in fact, we expect to share the cookie. Sharing the cookie can be achieved by setting the domain of cookies in different sites to the same value.

For example, we hope that the cookie domain values of proxy.firelysoft.net and pay.firelysoft.net are both firelysoft.net, so that the user status of proxy.firelysoft.net can be used by pay.firelysoft.net. However, it faces the problem of automatic setting of cookie domain of reverse proxy site mentioned above.

On this issue, most of the schemes that can be searched on the Internet are nginx. In fact, IIS URL rewriting is also supported, but the number of users may be relatively small, so no information can be found.

This solution was found on the IIS forum. Someone asked the same question: https://forums.iis.net/t/1193378.aspx. Instead of giving a direct answer, the post refers to a scheme that uses URL rewriting to set cookie httponly:

Using the URL Rewrite module to set your cookies to HttpOnly

You can read the original text if you are interested. The solution will be given directly below.

The rules of URL rewriting will be saved in web.config. Because setting cookies belongs to the outbound rules of URL rewriting, you can directly add relevant configurations in the outbound rules:


<rewrite>  
<outboundRules>    
<rule name="Add Domain" preCondition="No Domain">
     <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
     <action type="Rewrite" value="{R:0}; domain=fireflysoft.net" />
     <conditions>
     </conditions>
    </rule>
    <preConditions>
     <preCondition name="No Domain">
      <add input="{RESPONSE_Set_Cookie}" pattern="." />
      <add input="{RESPONSE_Set_Cookie}" pattern="; domain=.*" negate="true" />
     </preCondition>
    </preConditions>
  </outboundRules>
 </rewrite>

There are two parts in the code:

First of all, preconditions: set the cookie when responding, and do not set the cookie domain;

Then there is the processing rule rule: for the cookie set in response, rewrite the cookie and increase the setting of domain.

In this way, the cookie domain is set as the target value, so that the cookie can be shared among the secondary domain names.

summary

The above is the whole content of this article. I hope that the content of this article has a certain reference learning value for everyone’s study or work. If you have any questions, you can leave a message and exchange. Thank you for your support for developepaar.