Owen,

Understood. I'll have to change our load-balance method.

Thanks so much.

Fabricio.

2007/7/12, Boyle Owen <[EMAIL PROTECTED]>:
> -----Original Message-----
> From: SOPRO [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 12, 2007 5:53 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] POST Method on Redirect (mod_rewrite)
>
> Nick,
>
>  I understood your comment about encrypted/unencrypted data.
>  About that three lines of mod_rewrite, I use them to provide
> round-robin for my two web servers.
>
>   I want to know if this lost of POST data is the expected apache's
> behavior when redirecting.

It is expected of HTTP, not just apache... A redirect is an instruction
to the client to go to a new URL so obviously the POST data is "lost".

To explain, the client (ie, browser) attaches the POST data to the
original URL because that is what the HTML code in the form tells it to
do. When it submits that form (ie, sends the request to the server with
POST data attached), the browser is finished with that page so it
forgets about it. Then it gets an instruction to go to a new URL (the
redirect). So it simply requests this new URL (which could be on a
different server). How is it supposed to know that it has anything to do
with the original form?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
>  Regards,
>
>  Fabricio.
>
> 2007/7/12, Nick Kew <[EMAIL PROTECTED]>:
> > On Thu, 12 Jul 2007 11:29:57 -0300
> > SOPRO <[EMAIL PROTECTED]> wrote:
> >
> > > Hi all,
> > >
> > >  I have the following scenario in my httpd.conf file:
> > >
> > > <VirtualHost xxx.xxx.xxx.xxx:80>
> > >     ServerName myapp.domain.com
> > >     RewriteEngine On
> > >     RewriteCond          %{HTTPS} !=on
> > >     RewriteRule ^/(.*) https://secure.domain.com/myapp/$1 [L,R,NC]
> > > </VirtualHost>
> > >
> > >  My clients must submit a form (POST method) to
> "myapp.domain.com",
> > > but when redirect occurs apache losts the submited values.
> >
> > That is particularly pointless.  The data have already been
> > POSTed over the wire unencrypted for all to see, and now you're
> > asking the client to re-post them encrypted.  What actually happens
> > is up to the browser, and how the user reacts to the security
> > messages.  If the data should be secure, you need to use the https
> > address in the first place.
> >
> > It's also over-complex to use three lines of mod_rewrite where a
> > single Redirect would do the same job for less effort.
> >
> > --
> > Nick Kew
> >
> > Application Development with Apache - the Apache Modules Book
> > http://www.apachetutor.org/
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >    "   from the digest: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to