Re: [users@httpd] mod_redirect X POST Method

On 6/23/06, Fabricio Luiz Machado <soproman@xxxxxxxxxxxx> wrote:
Hi all!

 I have an application hosted in two servers:

https://server1.mydomain.com/app
https://server2.mydomain.com/app

 The client has a system (not a browser) that must access the
application and send username and password through a POST method,
connecting at:

  http://app.mydomain.com


  The two servers above are responding for "app.mydomain.com", because I
have a DNS round-robin environment.

 On both servers, I have a rewrite configuration:

on server1:
<VirtualHost xx.xx.xx.xx:80>
    ServerName app.mydomain.com
    RewriteEngine On
    RewriteCond          %{HTTPS} !=on
    RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R,NC]
</VirtualHost>

on server2:
<VirtualHost xx.xx.xx.xx:80>
    ServerName app.mydomain.com
    RewriteEngine On
    RewriteCond          %{HTTPS} !=on
    RewriteRule ^/(.*) https://server2.mydomain.com/app [L,R,NC]
</VirtualHost>

   The rewrite has been working very well for years, but not in this case,
because the application is not receiving the POST information (username
and password).
   Is there a workaround for this problem?

This is a bad idea for a couple reasons.  First, the initial POST will
be sent in-the-clear (unencrypted), so you've blown your security.
Second, browser handling of redirected POST requests is very uneven
and unreliable.  For a full discussion, see:
http://ppewww.ph.gla.ac.uk/~flavell/www/post-redirect.html

According to his testing, you may have more success if you use R=307.
But it just isn't a good idea.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
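
Added example, not part of the original thread or of either poster's configuration: a variant of the server1 port-80 virtual host that redirects only GET and HEAD to HTTPS and refuses every other method, so a client that POSTs credentials over plain HTTP fails visibly instead of appearing to work. Using mod_rewrite's F flag (403) as the refusal is an assumption; the POST body has already crossed the network unencrypted by the time either response is sent, so the client still has to be pointed at the https:// URL directly.

```apache
<VirtualHost xx.xx.xx.xx:80>
    ServerName app.mydomain.com
    RewriteEngine On

    # Original behaviour from the thread: every request, POST included,
    # is answered with a redirect, and the client may or may not replay
    # the body at the new URL.
    #   RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R,NC]
    #
    # R=307 variant mentioned in the reply: asks the client to repeat the
    # same method and body, but the first POST was still sent in the clear.
    #   RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R=307,NC]

    # Hardened variant (added example): refuse anything that is not
    # GET or HEAD with 403 Forbidden, so a form or API client configured
    # with the http:// URL breaks immediately and gets fixed at the source.
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$
    RewriteRule ^ - [F]

    # Requests without a body are still redirected to the HTTPS site.
    RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R]
</VirtualHost>
```

The server2 virtual host would take the same two rules with its own hostname in the redirect target.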


