You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/09/02 00:59:30 UTC
DO NOT REPLY [Bug 36468] New: -
proxy_http doesn't set the hostname when doing reverse proxy
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36468>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=36468
Summary: proxy_http doesn't set the hostname when doing reverse
proxy
Product: Apache httpd-2.0
Version: 2.0.54
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P3
Component: mod_proxy
AssignedTo: bugs@httpd.apache.org
ReportedBy: rcritten@redhat.com
When doing a reverse proxy the proxy client connection remote_host field isn't
populated. Since this is already available as a result of the ProxyPassReverse
entry it makes sense to pass this on.
Otherwise a client that may want this hostname value has no access to it until
the request is being processed and in the case of an input filter that does
something like SSL may be too late.
SSL connections should compare the requested hostname value with the certificate
subject returned by remote server. This is the only protection against
man-in-the-middle attacks. Once mod_proxy populates this field then SSL
connections can do this comparison.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org