Re: GET vs POST issue w/ a Proxy/Redirect

On Wed, 9 Jul 2008 11:28:37 -0500
"Scott Moseman" <scmoseman@xxxxxxxxx> wrote:


> ProxyPass / http://remoteserver/portal/
> ProxyPassReverse / http://remoteserver/portal/
> RewriteCond %{REQUEST_URI} ^/portal/(.*)
> RewriteRule ^/portal/(.*) /$1 [R]
> 
> Website form:
> 
> <form name="loginForm" method="post" action="/portal/login.do">
> 
> Logins fail (packet captures show a GET was made).
> 
> I'm making the assumption that the /portal/ being included in the FORM
> ACTION of the portal website is the cause of the Apache proxy and
> redirect sending a GET instead of a POST.  Is this normal behavior for
> Apache?

Nothing to do with Apache, it's your browser.  You configured
Apache to throw away the POST data and send a redirect, and the
browser is doing what it's told.

The browser couldn't re-post without prompting the user, and
advising them their data were being posted elsewhere.  That
would be a huge security hole.

>    Is there something else I can do in the config to combat this
> problem?  The reason for the Rewrite rules is that the sites (well, at
> least the portal site) makes literal references using that path, and I
> need to hide them.

Whatever you can hide, Scammers&Phishers-Inc can hide too.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
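
A local reproduction of the behaviour discussed in this thread, as an added example that is not part of the original messages: a stand-in server (not Apache) answers `/portal/` requests with the 302 that `RewriteRule ... [R]` issues by default, and Python's `urllib` plays the browser. The handler, loopback port and form values are constructed for the demo.

```python
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

seen = []  # (method, path, body_length) for each request that reaches the backend path


class Handler(BaseHTTPRequestHandler):
    def _serve(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length)
        if self.path.startswith("/portal/"):
            # Stand-in for: RewriteRule ^/portal/(.*) /$1 [R]  (external 302 redirect)
            self.send_response(302)
            self.send_header("Location", self.path[len("/portal"):])
            self.send_header("Content-Length", "0")
            self.end_headers()
            return  # the POST body read above is discarded here
        seen.append((self.command, self.path, len(body)))
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = _serve

    def log_message(self, *args):  # keep the demo quiet
        pass


def post_login_form():
    """POST a constructed login form to /portal/login.do; return what arrives at /login.do."""
    seen.clear()
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free loopback port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        form = urllib.parse.urlencode({"user": "alice", "password": "example"}).encode()
        url = "http://127.0.0.1:%d/portal/login.do" % server.server_port
        # Empty ProxyHandler so any proxy environment variables are ignored
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        opener.open(url, data=form, timeout=5).close()
    finally:
        server.shutdown()
        server.server_close()
    return list(seen)


if __name__ == "__main__":
    print(post_login_form())
```

The only request that reaches `/login.do` is a GET with an empty body, which matches the packet capture described in the quoted message.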