hi, for PCI compliance we installed these patched versions:
http://www.apsis.ch/pound/pound_list/archive/2013/2013-04/1367222265000 when we change the DNS entry to the new server, we got strange SSL redirect loops in our system. this could be an issue on our side, but we wonder, why it didn't happen with 2.6 pure, but it does happen with 2.6/7b patched. our setup is basically, that we have two pairs of servers (2x IIS, 2x rails) and a regex in the pound config, what should go where. on the IIS and on the rails server are areas, which are only accessible by https - when a request to this area comes in as http://URL a redirect to https://URLis made. these redirect seem to bounce around until a loop is complete.. is there a change in the pound versions above which could trigger this? the change we are aware of is, that SSL compression is disabled (this is one of the newer vulnerabilities PCI is complaining about). any help is appreciated.. PAT -- *Pat Erler* Gtalk/G+: [email protected] <[email protected]>Skype: pat_erler
