httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hendrik Harms <hendrik.ha...@gmail.com>
Subject Proxy-Authorization needed for ProxyRemote
Date Tue, 01 Nov 2005 15:39:00 GMT
proxy_http.c:966

/* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be
 * suppressed if THIS server requested the authentication,
 * not when a frontend proxy requested it!
 *
 * The solution to this problem is probably to strip out
 * the Proxy-Authorisation header in the authorisation
 * code itself, not here. This saves us having to signal
 * somehow whether this request was authenticated or not.
 */
 || !strcasecmp(headers_in[counter].key,"Proxy-Authorization")
 || !strcasecmp(headers_in[counter].key,"Proxy-Authenticate")) {


I think this code denies any connection to a Forward-Proxy with
Proxy-Authorization even if I try to fake the Proxy-Authorization
Header with mod_headers (RequestHeader).

I know that the Proxy-Authorization Header is a Hop-to-Hop Header
that should be filtered. But the apache is neither able to send a
407 Response nor able to verify the Proxy-Authorization Header.
So I think it would be the best to pass through the Proxy-Authorization
Header.

If this is not possible, it would be nice to have something like
  ProxyRemote * http://proxy-user:proxy-password@forward.proxy.com

Regards,
Hendrik

--
----------------------------------------------------------
Hendrik Harms

Mime
View raw message