On Thu, Dec 15, 2011 at 10:59 AM, Christoph Pilka <christoph.pilka@xxxxxxxxxxxxxx> wrote: > Howdy, > > according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol" which makes sense in certain circumstances because of sensitive data the HTTPS request would hand over. But is there any way to configure the HTTPS site's Apache to strip down this behaviour and tell the web server to only deliver the hostname within the referer header? In our case we need some kind of solution to pass-through the referer to external HTTP sites for evaluation purposes. Our site uses purely HTTPS. Many thanks in advance for any hints. > > Cheerio, > Chris > No, there is no way for a http server to tell a client "Actually, go ahead and disobey that RFC". Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|