httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: [Patch] Content-Location headers stripped by reverse proxy
Date Mon, 21 Feb 2000 22:06:54 GMT
Graham Leggett wrote:
> Hi all,
> Microsoft IIS v4.0 wants to place Content-Location headers on responses
> to requests. When such a server is reverse proxied, Apache allows this
> header, containing private backend information, through to the browser.
> Normal browsers seem to ignore the Content-Location header, however WAP
> phones do not. This header causes the WAP browser to bypass the reverse
> proxy and access the backend server directly.
> Our first solution was to treat the Content-Location header the same way
> Location headers were treated with ProxyPassReverse. But: Microsoft IIS
> v4.0 contains a bug where an attempt to access the URL
> http://somesite:8080/index.wml will return a Content-Location that says
> http://somesite/index.wml. The missing port number caused the WAP phone
> to go off to a different site completely. Oops.
> Our second solution is simpler: If the request is a reverse proxy,
> filter out the Content-Location header. After being reverse proxied the
> info in the Content-Location header is incorrect and irrelevant anyway.
> The patch is enclosed...

I think if you want any chance of this kind of thing being accepted
you're going to have to make a general purpose "strip these headers when
proxying" thing. I certainly can't see us always stripping
Content-Location simply because some phone companies can't implement
their browsers correctly.

Have you submitted a patch for the WAP phones? Oh, no, silly me. No
source. Shucks.




Y19100 no-prize winner!

View raw message