On 6/23/06, Fabricio Luiz Machado <soproman@xxxxxxxxxxxx> wrote:
Hi all! I have an application hosted in two servers: https://server1.mydomain.com/app https://server2.mydomain.com/app The client have a system (not a browser) that must access the application and send username and password through a POST method, conectiong at: http://app.mydomain.com The two server above are responding for "app.mydomain.com", because I have an DNS round-robin environment. On both servers, i have a rewrite configuration: on server1: <VirtualHost xx.xx.xx.xx:80> ServerName app.mydomain.com RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R,NC] </VirtualHost> on server2: <VirtualHost xx.xx.xx.xx:80> ServerName app.mydomain.com RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://server2.mydomain.com/app [L,R,NC] </VirtualHost> The rewrite is working very fine for years, but in this case not, because the application is not receiving the POST information (username and password. Is there a workaround for this problem ?
This is a bad idea for a couple reasons. First, the initial POST will be sent in-the-clear (unencrypted), so you've blown your security. Second, browser handling of redirected POST requests is very uneven and unreliable. For a full discussion, see: http://ppewww.ph.gla.ac.uk/~flavell/www/post-redirect.html According to his testing, you may have more success if you use R=307. But it just isn't a good idea. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx