httpd-users mailing list archives

From Christoph Pilka <christoph.pi...@googlemail.com>
Subject [users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through
Date Thu, 15 Dec 2011 10:59:37 GMT
Howdy,

according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer header field in
a (non-secure) HTTP request if the referring page was transferred with a secure protocol"
which makes sense in certain circumstances because of sensitive data the HTTPS request would
hand over. But is there any way to configure the HTTPS site's Apache to strip down this behaviour
and tell the web server to only deliver the hostname within the referer header? In our case
we need some kind of solution to pass-through the referer to external HTTP sites for evaluation
purposes. Our site uses purely HTTPS. Many thanks in advance for any hints.

Cheerio,
Chris



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

