Hi, On Wed, Apr 02, 2014 at 12:50:08AM +0200, Cyril Bonté wrote: > Le 02/04/2014 00:16, Bertrand Jacquin a écrit : > >>What is adding the Vary and Strict-Transport-Security headers in this > >>second case ? > > > >A missing 'http-response set-header' in the previous copy and paste. > > > > http-response set-header Vary Accept-Encoding > > http-response set-header Strict-Transport-Security max-age=16070400 if > > { ssl_fc } > > Sorry but we're certainly missing something with your configuration. > Even if those "set-header" were added, they can't be applied to the > redirect with the configuration provided in the example. > > It makes me think there is a second level of proxy in your test. Am I > wrong ?
Strange, I can't reproduce with latest master. I easily imagine there could be a bug with the way the http-request redirect rule works though (since we're keeping the pointer to the last validated rule and executing it later). But looking at the code, I don't see how we can leave the function http_req_get_intercept_rule() with a valid rule when the ACL condition is not met :-/ Bertrand, would you like to add a "return NULL;" at the top of the aforementionned function ? Willy