origin-cookie-redirect might go into a loop with Mozilla Firefox and Google Chrome for certain domains because these browsers reject cookies set by the ProxySG

book

Article ID: 167754

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

origin-cookie-redirect might go into a loop with Mozilla Firefox and Google Chrome for certain Third Level Domains because these browsers reject cookies set by the ProxySG.

The list of affected TLDs can be found at http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1 (currently redirects to https://publicsuffix.org/list/effective_tld_names.dat)

For example :

No.     Time     Source                Destination           SrcPort DstPort Protocol Info
      3 0.025    10.10.10.103          10.10.10.10           1605    8080    HTTP     GET http://www.wa.gov.au/ HTTP/1.1
      6 0.028    10.10.10.10           10.10.10.103          8080    1605    HTTP     HTTP/1.1 302 Found (text/html)
     14 0.089    10.10.10.103          10.10.10.10           1606    8080    HTTP     GET http://sg200/?cfru=aHR0cDovL3d3dy53YS5nb3YuYXUv HTTP/1.1
     15 0.090    10.10.10.10           10.10.10.103          8080    1606    HTTP     HTTP/1.1 401 Unauthorized (text/html)
     23 2.693    10.10.10.103          10.10.10.10           1607    8080    HTTP     GET http://sg200/?cfru=aHR0cDovL3d3dy53YS5nb3YuYXUv HTTP/1.1
     24 2.696    10.10.10.10           10.10.10.103          8080    1607    HTTP     HTTP/1.1 302 Found (text/html)
     34 2.757    10.10.10.103          10.10.10.10           1608    8080    HTTP     GET http://www.wa.gov.au/?bcsi-ac-658A3E38FE4774A7=204B2C8B00000002+tUkM73uKrkJjG7S0q/jw+YSa5QCAAAAAgAAAIXGDQCEAwAAAAAAAAEAAAA= HTTP/1.1
     36 2.759    10.10.10.10           10.10.10.103          8080    1608    HTTP     HTTP/1.1 302 Found (text/html)
     43 2.832    10.10.10.103          10.10.10.10           1609    8080    HTTP     GET http://www.wa.gov.au/ HTTP/1.1
     44 2.832    10.10.10.10           10.10.10.103          8080    1609    HTTP     HTTP/1.1 302 Found (text/html)

Frame #34 :
GET http://www.wa.gov.au/?bcsi-ac-658A3E38FE4774A7=204B2C8B00000002+tUkM73uKrkJjG7S0q/jw+YSa5QCAAAAAgAAAIXGDQCEAwAAAAAAAAEAAAA= HTTP/1.1
Host: www.wa.gov.au
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,zh-hk;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive

Frame #36 :
HTTP/1.1 302 Found
Location: http://www.wa.gov.au/
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NON ADM OUR STP COM"
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-AC-658A3E38FE4774A7=204B2C8B00000002+tUkM73uKrkJjG7S0q/jw+YSa5QCAAAAAgAAAIXGDQCEAwAAAAAAAAEAAAA=; Path=/; Domain=.wa.gov.au    <<<<<
Connection: close
Content-Length: 634

Frame #43 (no BCSI-AC-* cookie) :
GET http://www.wa.gov.au/ HTTP/1.1
Host: www.wa.gov.au
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,zh-hk;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive

Resolution

This has been addressed by B#198772 in SG 6.5.4.1.

SG 6.4.x and earlier SGOS versions are still affected by this.

Workaround

1. Use Internet Explorer to access the list of affected domains.

2. Use origin-ip-redirect for the list of affected domains.

Feedback

thumb_up Yes

thumb_down No