Hi there,
Does anybody have any ideas about the issues i am seeing below.
cheers
Steve
-----Original Message-----
From: Foster, Stephen (ASPIRE)
Sent: 22 December 2006 09:03
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-writing URI's
Hi there,
i've tried that and had no joy, what i am trying now is to have a rewrite
condition based on the first part of the query string.
e.g:
RewriteCond %{QUERY_STRING} =?APPURI(.*)
RewriteRule APPURI=http: APPURI=https: [QSA,L]
However i can't get the rule to kick in for the condition, it seems to ignore
it (probably becauses its wrong !!) and tries to apply the rule to the uri. e.g
from the rewrite log:
10.101.212.165 - - [21/Dec/2006:13:04:35 +0000]
[dit.hmrc.gov.uk/sid#11b360][rid#9d7c88/initial] (3) applying pattern 'APPURI'
to uri '/service/validation/validator.js'
Any thoughts would be greatly appreciated
Steve
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua
Slive
Sent: 15 December 2006 17:02
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] re-writing URI's
On 12/15/06, Foster, Stephen (ASPIRE) <[EMAIL PROTECTED]> wrote:
> hi joshua,
>
> sorry i should have been more specific. Its not actually our app but an
> authentication plug-in and backend that changes the URI and then passes back
> to the browser. There may be a bug in it that its capturing the incoming URL
> and not able to re-write it to https before passing back. This is being
> investigated by the provider but in the meantime i would like to re-write the
> URI to the proper secure method.
>
> does that make sense?
Sort of. But it is hard to tell where your authentication plug-in is
acting here. What I would do is simply tack a ? on the end of the URL
when redirecting from HTTP to HTTPS. This will eliminate the query
string and hopefully force your plug-in to recreate it. And it also
has the benefit of making sure your don't accidentally have people
submit sensitive information in the query string to the non-secure
server.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===========================================================
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===========================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===========================================================
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===========================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
