This one time, at band camp, Ricky wrote:
>Is there a way to force user to use (or redirect to) https for a single page
>only, eg. I don't need https://www.domain.com for the whole site.
>
>For example, https://www.domain.com/privacy_form.htm (1 page only)
>
>when user type in "http....", and Apache force it to "https://......";
You can use the dark voodoo of mod_rewrite to catch this URL:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/(privacy_form\.htm)$ https://%{HTTP_HOST}/$1 [R,L]
</IfModule>
Or alternatively if you're in a CGI you can query the environment and find
out if you're in SSL and send back a hard redirect otherwise, which means
the page itself can ensure SSL.
>When the secure form arrives at the server, I don't want the data sitting on
>the server. Is there a way to immediately forward it to a secure server or
>even directly to an email address.
>
>assuming mod_ssl is configured properly
The form data comes in the request, and doesn't get written to disk unless
you say so. Whatever the form handler does is up to you; you can forward to
another server, email it, or whatever.
(For the record, emailing data from a secure form off of the server is a very
bad practice.)
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
