Re: [squid-users] Redirects changing POST to GET from Amos Jeffries on 2008-01-23 (squid-users)

From: Amos Jeffries <squid3@dont-contact.us>
Date: Thu, 24 Jan 2008 14:03:56 +1300 (NZDT)

> Amos Jeffries wrote:
>>> I've setup a reverse proxy running Squid 2.6.STABLE6 5.el5_1.2 on
>>> RHEL5.1.
>>> All remote access to the proxy is supposed to be via HTTPS, but since
>>> some of the protected apps give out absolute URL's at HTTP, I've also
>>> setup a redirector that listens on port 80 and sends a 301 redirect
>>> back
>>> to the client with an HTTPS version of the same URL.
>>>
>>> The problem I'm seeing is that whenever a CGI is called via HTTP with a
>>> POST method, it gets converted to GET when the new request comes in on
>>> HTTPS. This, of course, breaks the app.
>>>
>>> When I bypass the proxy, the HTTP POST method works just fine. Any
>>> ideas
>>> what might be causing the method to change or how to get around this?
>>> Every web search I try comes up empty. I'm not sure if the variables
>>> are
>>> getting dropped in the process, or if the app just doesn't know how to
>>> handle GET methods, but regardless, this is a debilitating problem for
>>> this app, so I really need a solution. The app in question is Oracle
>>> Collaboration Suite 10g, if it makes a difference.
>>
>> Sounds like a broken CGI to me. With redirection to 301:... squid should
>> be actually sending the 301 back to the client for it to re-POST back to
>> the new URI.
>
> I don't see how it can be the CGI that's at fault, because the conversion
> from POST to GET is happening before the CGI ever gets hit. I think
> itmust be something about the proxy, redirector, or browser that's causing
> the conversion.

Sorry, yes its somewhere between response squid gives and the handling of it.

>
> I should mention that we've experienced this with both IE 7 on WinXP and
> with Firefox on Ubuntu Linux.

Quite a range. Maybe it is squid.

>
> Has anybody seen this behavior before, or heard anything that would
> indicate the conversion is a security feature?
>

Try squidclient -h ?? -p 80 -m POST http://...
and see what squid gives back in the 301 headers.

Amos
Received on Wed Jan 23 2008 - 18:04:20 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST