Short question: should ProxyBlock apply to the hostname from the request
URI, or the hostname of the next hop?
Long question: the way ProxyBlock is documented does not make explicit
that it is applied to the next hop; it would be natural to expect it is
matched against the request URI hostname. In this configuration:
ProxyRequests on
ProxyBlock badstuff.com
ProxyRemote * http://cache.mycorp.com/
cache.mycorp.com is the next hop, so it is "cache.mycorp.com" which is
checked against the ->noproxies list, and in that case would never
match. I'm struggling to think how that's useful... feature or bug?
Implications:
a) if the current implementation is the desired behaviour, that needs to
be clear in the docs, and mod_proxy_connect doesn't implement it
correctly, but that's all simple enough to fix up.
b) if it's not the desired behaviour, that's a lot more messy.
Regards, Joe
|