Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 44949 invoked from network); 3 Oct 2007 13:13:53 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Oct 2007 13:13:53 -0000 Received: (qmail 50141 invoked by uid 500); 3 Oct 2007 13:13:39 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 50069 invoked by uid 500); 3 Oct 2007 13:13:39 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 50058 invoked by uid 99); 3 Oct 2007 13:13:39 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Oct 2007 06:13:39 -0700 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=DATE_IN_PAST_03_06,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nickgearls@gmail.com designates 66.249.92.170 as permitted sender) Received: from [66.249.92.170] (HELO ug-out-1314.google.com) (66.249.92.170) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Oct 2007 13:13:40 +0000 Received: by ug-out-1314.google.com with SMTP id c2so148006ugf for ; Wed, 03 Oct 2007 06:13:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=KVpmK5zkRFnkOS6+FGB7q0LT1c8Kfklb4+tdzcGRnvg=; b=VDTIRWVyhQJE+osXjjjngR+fxfSjdIq7n7b8fPZvLigrXV5+W/IzOKjdfC/NZn9Q0gWo8sRcL3P7MRUS/jpksPR4WrYCOojL3cmTsDgQYBNpBG/sN7pN7lEFaECU3CoTV0wal/DZblV2ElXlaWZ+4oOVWgYXqddw1LpKtDuy6fo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=XWcvqxnEXmyPk4HQ/ekqbVSCLUD//e2pjvLpheI7jXIl5MWUNPmqr/EHVFI0wWWFDHCp+3kkWAlGUo9TRHcW3R6E/x/Any46WLWeL9O3FKSzje8+sJS5xjLXCdJZqQnMGRLW45kUaWM9eXiOruwKJvtsx31vyksph2Ae8MXG8aI= Received: by 10.66.255.7 with SMTP id c7mr502655ugi.1191417199071; Wed, 03 Oct 2007 06:13:19 -0700 (PDT) Received: from ?10.0.0.1? ( [212.71.9.78]) by mx.google.com with ESMTPS id s8sm1550096uge.2007.10.03.06.13.17 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 03 Oct 2007 06:13:17 -0700 (PDT) Message-ID: <47036AF5.7050006@gmail.com> Date: Wed, 03 Oct 2007 12:12:05 +0200 From: Nick Gearls User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: mod_proxy & &headers References: <47036ABD.6000005@gmail.com> <20071003112731.7d674646@grimnir> <4703728C.1020909@gmail.com> <20071003120309.3ba83b9c@grimnir> <14102.84.233.182.145.1191411021.squirrel@www.sharp.fm> In-Reply-To: <14102.84.233.182.145.1191411021.squirrel@www.sharp.fm> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org I agree, we have to check if it latches the back-end before changing it to the front-end, and vice-versa. This way, it sounds totally safe, no ? Graham Leggett wrote: > On Wed, October 3, 2007 1:03 pm, Nick Kew wrote: > >> It would break headers that contain a URL-like pattern that isn't >> a URL. And if you think that's unlikely, just look at the number >> of false positives in desktop software (e.g. mailers) that guesses >> links and makes http://www.example.org or even just www.example.com >> clickable. > > As I recall the ProxyPassReverse does an exact string prefix match on > Location, and if there is a match, the header is changed, otherwise it > leaves the header alone. > > By saying "ProxyPassReverse" it seems sane to be telling the proxy that it > should hide every and all occurences of the backend url by replacing it > with the frontend url, although from the perspective of changing existing > behaviour in existing installations, a compromise would be to identify > headers used by WebDAV, and alter those headers as well as Location. > > Regards, > Graham > -- > > >