> From: Ben Laurie [mailto:[EMAIL PROTECTED]]
>
> Cliff Woolley wrote:
> > On Mon, 3 Jun 2002, Ryan Bloom wrote:
> >
> > > I was actually just about to look at this problem if you are busy.
> >
> > Go for it... I'm working on something else.
>
> Perhaps it's just me, but I'm amused this is considered a bug.

It's a security hole IMO. The problem is that if you rewrite the URL .*, then the error URL that mod_ssl will be rewritten. This means that you can serve information over HTTP that was supposed to be restricted to HTTPS.

Ryan