proxy_cookie_path / proxy_cookie_domain and custom cookie fileds

[Tux12Fun@…]

Hi,
currently I have to hide a web-page behind nginx but this website is using a cookie to set the redirect URL after the login and for other pages. I know a ugly solution, but I can't change the 3th party product.

In my Browser this looks like this:
(RESPONSE-HEADER WebTools Google Chrome)

set-cookie: Replicate.3552.Redirect=/attunityreplicate/2021.5.0.1011/; Path=/attunityreplicate; HttpOnly

as I have to reverse proxy 3 of this instances on one host(domain) and port(443) I built
sub locations to host this 3 instances like this:

location ^~ /ate01/ {
proxy_set_header                 Host $http_host;
proxy_set_header                 X-Real-IP $remote_addr;
proxy_ssl_verify                 off;
proxy_set_header                 X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header                 X-Forwarded-Host $host:$server_port;
proxy_set_header                 X-Forwarded-Proto $scheme;
proxy_set_header                 X-Forwarded-Server $host;
proxy_set_header                 X-Original-URI $request_uri;
proxy_hide_header                'access-control-allow-origin';
proxy_hide_header                X-Frame-Options;
proxy_hide_header                x-content-type-options;
proxy_hide_header                x-xss-protection;
sub_filter                       '/attunityreplicate' '/ate01/attunityreplicate';
sub_filter_types *;
sub_filter_once                  off;
proxy_cookie_path                ~*/attunityreplicate(.*) /ate01/attunityreplicate$1;
rewrite                          ^/ate01/(.*)$  /$1  break;
proxy_pass                       https###10.x.x.xxx:3552/;
proxy_redirect                   /attunityreplicate https://our.domain.com/ate01/attunityreplicate;
proxy_redirect                   https###our.domain.com/attunityreplicate https###our.domain.com/ate01/attunityreplicate;
}

Replaced : with ### because got the TAC Message max URLs reached

With the proxy_cookie_path parameter i was able to transform the cookie to this.

(RESPONSE-HEADER WebTools Google Chrome)

set-cookie: Replicate.3552.Redirect=/attunityreplicate/2021.5.0.1011/; Path=/ate01/attunityreplicate; HttpOnly

but how can i rewrite the Replicate.3552.Redirect= Part to /ate01/attunityreplicate/.... .

Even after looking into the nginx source code i wasn't able to find a solution, but I have seen in ngx_http_proxy_module.c line 2742 a compare to "path" case insensitive, 2727 a compare to domains. So I wonderd if it would possible to provide a more generic method to lookup cookie keys with a regex and use a search and replace regex with backrefs.

Or I'm totally wrong and the development Team of nginx has already implemented a proper solution to solve this,
that I haven't found?

[Maxim Dounin]

It looks like you are trying to rewrite data in the cookie itself, not the cookie attributes. This is not something you can do with proxy_rewrite_cookie_* directives.

Likely a working solution for your particular use case can be provided by hiding the cookie completely with proxy_hide_header Set-Cookie; and providing a replacement header with add_header Set-Cookie ...; instead, based on the ​$upstream_http_set_cookie and/or ​$upstream_cookie_* variables appropriately modified using ​map.

Also it might be a good idea to actually implement appropriate modifications in the upstream server instead of trying to "fix" things in nginx. If that's not possible, consider using dedicated subdomains for each upstream instance. Trying to do anything but trivial modifications on the nginx side is believed to be almost always a bad idea in the long run.

If you need further help with configuring nginx, consider using ​support options available.