Return-Path: 
 <dev-return-20823-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 58381 invoked by uid 500); 14 Sep 2001 18:02:14 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 58363 invoked by uid 500); 14 Sep 2001 18:02:14 -0000
Delivered-To: apmail-new-httpd@apache.org
Message-ID: <01c101c13d47$7524e890$0c381b09@sashimi>
From: "Bill Stoddard" <bill@wstoddard.com>
To: <new-httpd@apache.org>
Subject: 301 Redirect through a firewall... Possible to hide the origin server
 ip address?
Date: Fri, 14 Sep 2001 14:02:45 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Browser hits an Apache server through a firewall with a request like this:

GET /manual HTTP/1.0

manual is a directory which results in the server issuing a redirect thusly

HTTP/1.1 301 Moved Permanently
Date: Fri, 14 Sep 2001 17:37:22 GMT
Server: Apache/1.3.20 (Unix)
Location: http://origin_server/manual/
Connection: close
Content-Type: text/html; charset=iso-8859-1

The origin server sits behind a firewall. The problem is that the Location header field
contains the origin server name, not the name of the firewall, which is a bit of a
security exposure.

I really have no good ideas on how to prevent the location header field from having the
origin_server name/address. Thoughts?

Bill