On Fri, 5 Dec 2003, Jesse Reynolds wrote: > Why do redirectors worsen the situation?
Depends on what the redirector does. Provided it only adds options to the URL and does not modify the URL there is no problem. But if the redirector modifies the host compontent of the URL or the URL-path then there is even less information to the web server/application on what the original URL was in the browser and a bigger risk for mismatches. > We are on 2.5 so can't use Front-End-Https: unfortuntaly, but that > sounds more elegant that what we're doing. We have gone ahead and > are tacking a SSL=1 param on the end of the URLs if they were > accessed with HTTPS, this is working well for us, if a bit ugly. Another option which you might be able to try is to rewrite the URLs into https:// and configure the web server as a parent proxy (but remember to disable server-side persistent connections). This will make Squid send the full URL to the server including protocol, not only the URL-path + query. Regards Henrik
