httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: [users@httpd] GET vs POST issue w/ a Proxy/Redirect
Date Wed, 09 Jul 2008 16:50:07 GMT
On Wed, 9 Jul 2008 11:28:37 -0500
"Scott Moseman" <> wrote:

> ProxyPass / http://remoteserver/portal/
> ProxyPassReverse / http://remoteserver/portal/
> RewriteCond %{REQUEST_URI} ^/portal/(.*)
> RewriteRule ^/portal/(.*) /$1 [R]
> Website form:
> <form name="loginForm" method="post" action="/portal/">
> Logins fail (packet captures show a GET was made).
> I'm making the assumption that the /portal/ being included in the FORM
> ACTION of the portal website is the cause of the Apache proxy and
> redirect sending a GET instead of a POST.  Is this normal behavior for
> Apache?

Nothing to do with Apache, it's your browser.  You configured
Apache to throw away the POST data and send a redirect, and the
browser is doing what it's told.

The browser couldn't re-post without prompting the user, and
advising them their data were being posted elsewhere.  That
would be a huge security hole.

>    Is there something else I can do in the config to combat this
> problem?  The reason for the Rewrite rules is that the sites (well, at
> least the portal site) makes literal references using that path, and I
> need to hide them.

Whatever you can hide, Scammers&Phishers-Inc can hide too.

Nick Kew

Application Development with Apache - the Apache Modules Book

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message