httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, Vodafone Group <ruediger.pl...@vodafone.com>
Subject RE: SSL backend via ProxyRemote (using CONNECT)
Date Thu, 24 Apr 2014 13:29:06 GMT


> -----Original Message-----
> From: Yann Ylavic [mailto:ylavic.dev@gmail.com]
> Sent: Donnerstag, 24. April 2014 15:05
> To: httpd
> Subject: SSL backend via ProxyRemote (using CONNECT)
> 
> Hello,
> 
> with the following (chained) configuration :
> 
> <VirtualHost 127.0.0.1:80>
>     ServerName reverse-proxy
>     ProxyPass / https://backend:443/
>     ProxyRemote * http://proxy:8080
>     #ProxyRequests off
> </VirtualHost>
> 
> <VirtualHost 127.0.0.1:8080>
>     ServerName forward-proxy
>     ProxyRequests on
> </VirtualHost>
> 
> <VirtualHost 127.0.0.1:443>
>     ServerName backend
>     ## Whatever ###
> </VirtualHost>
> 
> Then, when the reverse-proxy receives a request-line like :
>     GET /index.php HTTP/1.1
>     Host: reverse-proxy
>     ...
> 
> It forwards this one(s) to the backend :
>     > CONNECT backend:443 HTTP/1.0
>     < HTTP/1.0 200 Established
>     < SSL stream now (note the full URL in the request-line) >
>     GET https://backend/index.php HTTP/1.1
>     Host: backend
>     ...
> 
> I agree that ProxyRemote is supposed to be a forward proxy (hence the
> full URL when requesting plain HTTP through it, with GET
> http://backend/index.php HTTP/1.1), but the final backend is not (and
> may even refuse full URLs, which is actually a case I'm facing).

IMHO this is a flaw of the backend as IMHO full URL's are allowed also in non proxy cases
by the RFC.

Regards

Rüdiger

Mime
View raw message