On Wed, 9 Jul 2008 11:28:37 -0500
"Scott Moseman" <scmoseman@(protected):


> ProxyPass / http://remoteserver/portal/
> ProxyPassReverse / http://remoteserver/portal/
> RewriteCond %{REQUEST_URI} ^/portal/(.*)
> RewriteRule ^/portal/(.*) /$1 [R]
>
> Website form:
>
> <form name="loginForm" method="post" action="/portal/login.do">
>
> Logins fail (packet captures show a GET was made).
>
> I'm making the assumption that the /portal/ being included in the FORM
> ACTION of the portal website is the cause of the Apache proxy and
> redirect sending a GET instead of a POST. Is this normal behavior for
> Apache?

Nothing to do with Apache, it's your browser. You configured
Apache to throw away the POST data and send a redirect, and the
browser is doing what it's told.

The browser couldn't re-post without prompting the user, and
advising them their data were being posted elsewhere. That
would be a huge security hole.

>   Is there something else I can do in the config to combat this
> problem? The reason for the Rewrite rules is that the sites (well, at
> least the portal site) makes literal references using that path, and I
> need to hide them.

Whatever you can hide, Scammers&Phishers-Inc can hide too.

--
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
 "  from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)