D'ar merc'her 02 a viz Ebrel 2014 e 00 eur 13, « Cyril Bonté » he deus skrivet :
> Le 01/04/2014 23:56, Bertrand Jacquin a écrit :
> > When bk_local/localhost is UP :
> >
> > $ curl -vk -so /dev/null https://203.0.113.42/__bar/
> > (...)
> >> GET /__bar/ HTTP/1.1
> >> User-Agent: curl/7.35.0
> >> Host: 203.0.113.42
> >> Accept: */*
> >>
> > < HTTP/1.1 200 OK
> > < Date: Tue, 01 Apr 2014 21:54:46 GMT
> > * Server Apache is not blacklisted
> > < Server: Apache
> > < Expires: Tue, 01 Apr 2014 21:54:46 +0000
> > < Cache-Control: no-store, no-cache, must-revalidate, pre-check=0,
> > post-check=0, max-age=0
> > < Last-Modified: Tue, 01 Apr 2014 21:54:46 +0000
> > < Transfer-Encoding: chunked
> > < Content-Type: text/html; charset=utf-8
> > < Vary: Accept-Encoding
> > < Strict-Transport-Security: max-age=16070400
> > { [data not shown]
> > * Connection #0 to host 203.0.113.42 left intact
> >
> > When bk_local/localhost is DOWN :
> >
> > $ curl -vk -so /dev/null https://203.0.113.42/__bar/
> > (...)
> >> GET /__bar/ HTTP/1.1
> >> User-Agent: curl/7.35.0
> >> Host: 203.0.113.42
> >> Accept: */*
> >>
> > < HTTP/1.1 301 Moved Permanently
> > < Content-length: 0
> > < Location: https://203.0.113.42/__bar/
> > < Vary: Accept-Encoding
> > < Strict-Transport-Security: max-age=16070400
> > <
> > * Connection #0 to host 203.0.113.42 left intact
>
> What is adding the Vary and Strict-Transport-Security headers in this
> second case ?
A missing 'http-response set-header' in the previous copy and paste.
http-response set-header Vary Accept-Encoding
http-response set-header Strict-Transport-Security max-age=16070400 if {
ssl_fc }
--
Bertrand
