Ryan Bloom wrote: >>From: Ben Laurie [mailto:[EMAIL PROTECTED]] >> >>Cliff Woolley wrote: >> >>>On Mon, 3 Jun 2002, Ryan Bloom wrote: >>> >>> >>> >>>>I was actually just about to look at this problem if you are busy. >>> >>> >>>Go for it... I'm working on something else. >> >>Perhaps its just me, but I'm amused this is considered a bug. > > > It's a security hole IMO. The problem is that if you rewrite the URL > .*, then the error URL that mod_ssl will be rewritten. This means that > you can serve information over HTTP that was supposed to be restricted > to HTTPS.
Sorry, I don't understand this - seems like you missed a word or two out? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
