httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: [users@httpd] SNI with apache 2.4.1 reverse proxy
Date Sun, 29 Apr 2012 07:59:28 GMT

On 23.04.2012 17:11, Michael Weiser wrote:
> I don't think so: I'm not directing the Proxy to connect to a different
> host. I just make it send different SNI data to the configured backend
> server and accept a different CN in the server's certificate.

I guess it boils down to the question of what the semantics of ProxyPass
are / should be. Currently, the docs say (for 2.0/2.2/2.4):

> This directive allows remote servers to be mapped into the space of 
> the local server; the local server does not act as a proxy in the 
> conventional sense, but appears to be a mirror of the remote server. 
> _path_ is the name of a local virtual path; _url_ is a partial URL for
> the remote server and cannot include a query string.

With the patch you proposed in PR 53134, the docs about ProxyPass would
have to be amended with something like: "If ProxyPreserveHost is turned
on, the host component of _url_ is used to determine what host to
connect to at the network layer, but is otherwise ignored (only the
scheme and path components are taken into account)."

Whether that is desired or not probably depends on a judgement of
possible use cases. As far as I'm concerned, I'm not convinced that
there are really good reasons for "playing the ProxyPreserveHost trick"
(neither for https nor for http, actually), but YMMV.

Kaspar

