> Amos Jeffries wrote: >>> I've setup a reverse proxy running Squid 2.6.STABLE6 5.el5_1.2 on >>> RHEL5.1. >>> All remote access to the proxy is supposed to be via HTTPS, but since >>> some of the protected apps give out absolute URL's at HTTP, I've also >>> setup a redirector that listens on port 80 and sends a 301 redirect >>> back >>> to the client with an HTTPS version of the same URL. >>> >>> The problem I'm seeing is that whenever a CGI is called via HTTP with a >>> POST method, it gets converted to GET when the new request comes in on >>> HTTPS. This, of course, breaks the app. >>> >>> When I bypass the proxy, the HTTP POST method works just fine. Any >>> ideas >>> what might be causing the method to change or how to get around this? >>> Every web search I try comes up empty. I'm not sure if the variables >>> are >>> getting dropped in the process, or if the app just doesn't know how to >>> handle GET methods, but regardless, this is a debilitating problem for >>> this app, so I really need a solution. The app in question is Oracle >>> Collaboration Suite 10g, if it makes a difference. >> >> Sounds like a broken CGI to me. With redirection to 301:... squid should >> be actually sending the 301 back to the client for it to re-POST back to >> the new URI. > > I don't see how it can be the CGI that's at fault, because the conversion > from POST to GET is happening before the CGI ever gets hit. I think > itmust be something about the proxy, redirector, or browser that's causing > the conversion. Sorry, yes its somewhere between response squid gives and the handling of it. > > I should mention that we've experienced this with both IE 7 on WinXP and > with Firefox on Ubuntu Linux. Quite a range. Maybe it is squid. > > Has anybody seen this behavior before, or heard anything that would > indicate the conversion is a security feature? > Try squidclient -h ?? -p 80 -m POST http://... and see what squid gives back in the 301 headers. Amos
