[users@httpd] Recommendation for Apache security book

2014-05-30 Thread Felix Almeida
Hello, I was assigned the task of preparing a security policy for Apache HTTP servers in my company and, although I have a few years of experience with it (mostly v2.2), I'd like to have more formal reference material on which I could base the policy. Please, is there any good (and not s

RE: [users@httpd] Proxy Balancing Not working as Expected

2013-06-24 Thread Felix Almeida
Not sure if I understood, however: 1) No, because you are using "nofailover=On" 2) It will be lost. You have to implement clustering (session replication) among Tomcats to keep the session active if one TC server goes down (AND remove the nofailover from Apache). -Original Message- From: n

RE: [users@httpd] Apache 2.2 mod_headers: "RequestHeader edit" vs. environment variables

2013-05-31 Thread Felix Almeida
Done: Bug 55039 Thanks Eric. That's the kind of guidance I was looking for. Just in case someone else is having the same issue, this is how I worked around it: RequestHeader edit Cookie "(^JSESSIONID=[^;]*\![^;]*; |; JSESSIONID=[^;]*\![^;]*)" "" However it's based on the fact that the un

[users@httpd] Apache 2.2 mod_headers: "RequestHeader edit" vs. environment variables

2013-05-31 Thread Felix Almeida
Hello, First of all, let me give you some context. The Apache 2.2 webpage which describes mod_headers' "RequestHeader" directive says (specifically for the "edit" action): RequestHeader edit header value replacement [early|env=[!]variable] If this request header exists, its valu