httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dziugas Baltrunas" <dziu...@baltrunas.lt>
Subject Re: [PATCH] ProxyAddXHeaders for mod_proxy
Date Wed, 04 Apr 2007 09:48:27 GMT
Hi, Nick,

if you recall my initial paragraph, I'm here to address the
configuration of httpd acting as a generic HTTP proxy which is able to
handle both a standard (forward proxy mode) and transparent (reverse
proxy mode) proxy requests. This is the same what other proxy servers
(like Squid) do.

For this to achieve I use 'ProxyRequests On' together with couple of
mod_rewrite rules with [P] flag (but not ProxyPass rules since every
remote host needs to be proxied).

The problem is that with current mod_proxy_http outgoing http request
is dependant on how the original request was made to httpd. If
original request was in "forward" fashion, no X-Forwarded-* headers
are added to the outgoing request. Otherwise, for reverse proxy
requests "Privacy Note" comes into play and additional X-Forwarded-*
headers become visible (i.e. added by httpd) for remote hosts.

The intention was not to distinguish the way on how the original
request was made and stay consistent (that is, always add some headers
or never) when forwarding the request to a remote host.

I hope now the problem should be more clear.

On 4/4/07, Nick Kew <nick@webthing.com> wrote:
> On Wed, 4 Apr 2007 12:08:15 +0300
> "Dziugas Baltrunas" <dziugas@baltrunas.lt> wrote:
>
> > Hi,
> >
> > any commens/objections on this patch?
>
> Hmmm ... not sure I understand the problem you're fixing.
>
> > > > Currently mod_proxy_http adds X-Forwarded-* headers
> > > > unconditionally when we have a reverse proxy request and never
> > > > for forward proxy requests.
>
> I'm guessing this is the crux of your point.
> In the source code is a comment headed "Privacy Note", comprising
> three paragraphs explaining this behaviour.  Perhaps it would be
> useful if you could address that comment directly.
>
> Also useful would be if you could explain what information
> you want is actually being lost in a forward proxy (if indeed
> that is your underlying problem)?
>
> --
> Nick Kew
>
> Application Development with Apache - the Apache Modules Book
> http://www.apachetutor.org/
>


-- 
Dziugas Baltrunas
http://dziugas.baltrunas.lt/

Mime
View raw message