On Thu, Dec 15, 2011 at 10:59 AM, Christoph Pilka <christoph.pi...@googlemail.com> wrote: > Howdy, > > according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer > header field in a (non-secure) HTTP request if the referring page was > transferred with a secure protocol" which makes sense in certain > circumstances because of sensitive data the HTTPS request would hand over. > But is there any way to configure the HTTPS site's Apache to strip down this > behaviour and tell the web server to only deliver the hostname within the > referer header? In our case we need some kind of solution to pass-through the > referer to external HTTP sites for evaluation purposes. Our site uses purely > HTTPS. Many thanks in advance for any hints. > > Cheerio, > Chris >
No, there is no way for a http server to tell a client "Actually, go ahead and disobey that RFC". Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
