Hi,
On Wed, Apr 02, 2014 at 12:50:08AM +0200, Cyril Bonté wrote:
> Le 02/04/2014 00:16, Bertrand Jacquin a écrit :
> >>What is adding the Vary and Strict-Transport-Security headers in this
> >>second case ?
> >
> >A missing 'http-response set-header' in the previous copy and paste.
> >
> > http-response set-header Vary Accept-Encoding
> > http-response set-header Strict-Transport-Security max-age=16070400 if
> > { ssl_fc }
>
> Sorry but we're certainly missing something with your configuration.
> Even if those "set-header" were added, they can't be applied to the
> redirect with the configuration provided in the example.
>
> It makes me think there is a second level of proxy in your test. Am I
> wrong ?
Strange, I can't reproduce with latest master.
I easily imagine there could be a bug with the way the http-request
redirect rule works though (since we're keeping the pointer to the last
validated rule and executing it later).
But looking at the code, I don't see how we can leave the function
http_req_get_intercept_rule() with a valid rule when the ACL condition
is not met :-/
Bertrand, would you like to add a "return NULL;" at the top of the
aforementionned function ?
Willy
