httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] GET vs POST issue w/ a Proxy/Redirect
Date Wed, 09 Jul 2008 16:50:07 GMT
On Wed, 9 Jul 2008 11:28:37 -0500
"Scott Moseman" <scmoseman@gmail.com> wrote:


> ProxyPass / http://remoteserver/portal/
> ProxyPassReverse / http://remoteserver/portal/
> RewriteCond %{REQUEST_URI} ^/portal/(.*)
> RewriteRule ^/portal/(.*) /$1 [R]
> 
> Website form:
> 
> <form name="loginForm" method="post" action="/portal/login.do">
> 
> Logins fail (packet captures show a GET was made).
> 
> I'm making the assumption that the /portal/ being included in the FORM
> ACTION of the portal website is the cause of the Apache proxy and
> redirect sending a GET instead of a POST.  Is this normal behavior for
> Apache?

Nothing to do with Apache, it's your browser.  You configured
Apache to throw away the POST data and send a redirect, and the
browser is doing what it's told.

The browser couldn't re-post without prompting the user, and
advising them their data were being posted elsewhere.  That
would be a huge security hole.

>    Is there something else I can do in the config to combat this
> problem?  The reason for the Rewrite rules is that the sites (well, at
> least the portal site) makes literal references using that path, and I
> need to hide them.

Whatever you can hide, Scammers&Phishers-Inc can hide too.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message