On Thu, 12 Jul 2007 11:29:57 -0300 SOPRO <soprobr@xxxxxxxxx> wrote: > Hi all, > > I have the following scenario in my httpd.conf file: > > <VirtualHost xxx.xxx.xxx.xxx:80> > ServerName myapp.domain.com > RewriteEngine On > RewriteCond %{HTTPS} !=on > RewriteRule ^/(.*) https://secure.domain.com/myapp/$1 [L,R,NC] > </VirtualHost> > > My clients must submit a form (POST method) to "myapp.domain.com", > but when redirect occurs apache losts the submited values. That is particularly pointless. The data have already been POSTed over the wire unencrypted for all to see, and now you're asking the client to re-post them encrypted. What actually happens is up to the browser, and how the user reacts to the security messages. If the data should be secure, you need to use the https address in the first place. It's also over-complex to use three lines of mod_rewrite where a single Redirect would do the same job for less effort. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx