On Fri, 2019-05-17 at 17:33 +0900, Marc Dequènes wrote:

> This rational does not stand anymore as now this URL replies with:
> < HTTP/1.1 302 Found
> < Location: https://popcon.debian.org/cgi-bin/popcon.cgi
> 
> I don't know for how long this has been the case but as nobody seemed to 
> have noticed I guess switching to HTTPS would be fine.

The popcon client does not get this redirect:

$ GET -dS http://popcon.debian.org/cgi-bin/popcon.cgi
GET http://popcon.debian.org/cgi-bin/popcon.cgi
302 Found
GET https://popcon.debian.org/cgi-bin/popcon.cgi
200 OK

$ GET -H 'User-Agent: popcon-upload' -dS 
http://popcon.debian.org/cgi-bin/popcon.cgi
GET http://popcon.debian.org/cgi-bin/popcon.cgi
200 OK

pabs@pinel:~$ grep -C1 popcon-upload 
/etc/apache2/sites-available/popcon.debian.org
        RewriteEngine on
        RewriteCond "%{HTTP_USER_AGENT}" !popcon-upload
        RewriteRule ^(.*) https://popcon.debian.org$1 [R,L]

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to