On 6/23/06, Fabricio Luiz Machado <[EMAIL PROTECTED]> wrote:
Hi all!
I have an application hosted in two servers:
https://server1.mydomain.com/app
https://server2.mydomain.com/app
The client have a system (not a browser) that must access the
application and send username and password through a POST method,
conectiong at:
http://app.mydomain.com
The two server above are responding for "app.mydomain.com", because I
have an DNS round-robin environment.
On both servers, i have a rewrite configuration:
on server1:
<VirtualHost xx.xx.xx.xx:80>
ServerName app.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R,NC]
</VirtualHost>
on server2:
<VirtualHost xx.xx.xx.xx:80>
ServerName app.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://server2.mydomain.com/app [L,R,NC]
</VirtualHost>
The rewrite is working very fine for years, but in this case not,
because the application is not receiving the POST information (username
and password.
Is there a workaround for this problem ?
This is a bad idea for a couple reasons. First, the initial POST will
be sent in-the-clear (unencrypted), so you've blown your security.
Second, browser handling of redirected POST requests is very uneven
and unreliable. For a full discussion, see:
http://ppewww.ph.gla.ac.uk/~flavell/www/post-redirect.html
According to his testing, you may have more success if you use R=307.
But it just isn't a good idea.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
