On Fri, 5 Dec 2003, Jesse Reynolds wrote:
> Why do redirectors worsen the situation?
Depends on what the redirector does. Provided it only adds options to the
URL and does not modify the URL there is no problem.
But if the redirector modifies the host compontent of the URL or the
URL-path then there is even less information to the web server/application
on what the original URL was in the browser and a bigger risk for
mismatches.
> We are on 2.5 so can't use Front-End-Https: unfortuntaly, but that
> sounds more elegant that what we're doing. We have gone ahead and
> are tacking a SSL=1 param on the end of the URLs if they were
> accessed with HTTPS, this is working well for us, if a bit ugly.
Another option which you might be able to try is to rewrite the URLs into
https:// and configure the web server as a parent proxy (but remember to
disable server-side persistent connections). This will make Squid send the
full URL to the server including protocol, not only the URL-path + query.
Regards
Henrik
Received on Thu Dec 04 2003 - 19:01:06 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:05 MST