httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] POST Method on Redirect (mod_rewrite)
Date Thu, 12 Jul 2007 16:41:24 GMT
> -----Original Message-----
> From: SOPRO [mailto:soprobr@gmail.com] 
> Sent: Thursday, July 12, 2007 5:53 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] POST Method on Redirect (mod_rewrite)
> 
> Nick,
> 
>  I understood your comment about encrypted/unencrypted data.
>  About those three lines of mod_rewrite, I use them to provide
> round-robin for my two web servers.
> 
>   I want to know if this loss of POST data is Apache's expected
> behavior when redirecting.

It is expected of HTTP, not just Apache... A redirect is an instruction
to the client to go to a new URL so obviously the POST data is "lost".

To explain, the client (i.e., browser) attaches the POST data to the
original URL because that is what the HTML code in the form tells it to
do. When it submits that form (i.e., sends the request to the server with
POST data attached), the browser is finished with that page so it
forgets about it. Then it gets an instruction to go to a new URL (the
redirect). So it simply requests this new URL (which could be on a
different server). How is it supposed to know that it has anything to do
with the original form?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
>  Regards,
> 
>  Fabricio.
> 
> 2007/7/12, Nick Kew <nick@webthing.com>:
> > On Thu, 12 Jul 2007 11:29:57 -0300
> > SOPRO <soprobr@gmail.com> wrote:
> >
> > > Hi all,
> > >
> > >  I have the following scenario in my httpd.conf file:
> > >
> > > <VirtualHost xxx.xxx.xxx.xxx:80>
> > >     ServerName myapp.domain.com
> > >     RewriteEngine On
> > >     RewriteCond          %{HTTPS} !=on
> > >     RewriteRule ^/(.*) https://secure.domain.com/myapp/$1 [L,R,NC]
> > > </VirtualHost>
> > >
> > >  My clients must submit a form (POST method) to "myapp.domain.com",
> > > but when the redirect occurs Apache loses the submitted values.
> >
> > That is particularly pointless.  The data have already been
> > POSTed over the wire unencrypted for all to see, and now you're
> > asking the client to re-post them encrypted.  What actually happens
> > is up to the browser, and how the user reacts to the security
> > messages.  If the data should be secure, you need to use the https
> > address in the first place.
> >
> > It's also over-complex to use three lines of mod_rewrite where a
> > single Redirect would do the same job for less effort.
> >
> > --
> > Nick Kew
> >
> > Application Development with Apache - the Apache Modules Book
> > http://www.apachetutor.org/
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
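
Added example, not part of the original thread: a local Python test server that answers a plain-HTTP POST with a 302, the default status of mod_rewrite's `[R]` flag, and records what it receives, so both points made above can be observed: the form body reaches the plain-HTTP listener in full before any redirect is sent, and the client's follow-up request is a GET with no body. The `/form` and `/secure/` paths and the sample body are constructed, and one localhost server stands in for both the HTTP and the HTTPS host.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SEEN = []  # (method, path, body) for every request the test server receives


class Handler(BaseHTTPRequestHandler):
    def _record(self):
        length = int(self.headers.get("Content-Length", 0))
        SEEN.append((self.command, self.path, self.rfile.read(length)))

    def _reply(self, code, location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_POST(self):
        self._record()  # the body has already crossed the wire at this point
        if self.path.startswith("/secure/"):
            self._reply(200)
        else:
            # Stand-in for the thread's RewriteRule ... [R]: 302 plus Location.
            self._reply(302, "/secure" + self.path)

    def do_GET(self):
        self._record()
        self._reply(200)

    def log_message(self, *args): pass  # keep the demo quiet


def post_through_redirect(body=b"user=alice&pin=1234"):
    """POST a constructed form body and return every request the server saw."""
    SEEN.clear()
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = "http://127.0.0.1:%d/form" % server.server_port
        opener.open(urllib.request.Request(url, data=body)).close()
    finally:
        server.shutdown()
        server.server_close()
    return list(SEEN)


if __name__ == "__main__":
    print(post_through_redirect())
```

Python's `urllib` follows the 302 the way browsers commonly do, by reissuing the request as a GET and dropping the body.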


Mime
View raw message