The Un-Official Proxomitron Forum
half-ssl 302 redirect... - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Config Sets (/forumdisplay.php?fid=43)
+--- Forum: Sidki (/forumdisplay.php?fid=44)
+---- Forum: Bug Reports (/forumdisplay.php?fid=47)
+---- Thread: half-ssl 302 redirect... (/showthread.php?tid=1701)



half-ssl 302 redirect... - ProxRocks - Nov. 24, 2010 09:58 AM

i've bumped into a half-ssl situation where the logout process lands on a 302 that redirects itself to a NON-half-ssl site...

here's the (modified) code for that landed-on 302...
Code:
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.insurance.com/WebMdLogOut/logout.html">here</a>.
</p>
</body></html>

in my half-ssl session, i click the site's (original) logout "button", the process lands on this 302, and it "jumps me out of" half-ssl (and the insuing nag screen when the browser hits an http s :// and thus the very reason i half-ssl to begin with, to avoid them [email protected]&n nags, lol)...

i've fixed "my" problem by writing a filter that replaces the "original" logout 'button' with a half-ssl link that points to where the 302 was non-halving to...


but the question herein is this, "should we rewrite the half-ssl filters so that they "catch" 302 redirects?" (or do they already and my above scenario is a "one-off" rarity?)


RE: half-ssl 302 redirect... - whenever - Nov. 24, 2010 02:58 PM

(Nov. 24, 2010 09:58 AM)ProxRocks Wrote:  but the question herein is this, "should we rewrite the half-ssl filters so that they "catch" 302 redirects?" (or do they already and my above scenario is a "one-off" rarity?)

The filter is already there, see Location: 4 Half-SSL 06.11.02 (cch!) [jjoe] (d.2) (In).

I don't know why it doesn't work. It would help if you could post the http headers log.


RE: half-ssl 302 redirect... - ProxRocks - Nov. 24, 2010 03:22 PM

i'll keep my eye open if i see any more of these...
gonna write it off as a "one-off" unless i can find more...


the header logs look like they are "supposed to", but yet i'm getting a browser "ssl nag screen", so who knows...