> -----Original Message----- > From: Yann Ylavic [mailto:[email protected]] > Sent: Donnerstag, 24. April 2014 15:05 > To: httpd > Subject: SSL backend via ProxyRemote (using CONNECT) > > Hello, > > with the following (chained) configuration : > > <VirtualHost 127.0.0.1:80> > ServerName reverse-proxy > ProxyPass / https://backend:443/ > ProxyRemote * http://proxy:8080 > #ProxyRequests off > </VirtualHost> > > <VirtualHost 127.0.0.1:8080> > ServerName forward-proxy > ProxyRequests on > </VirtualHost> > > <VirtualHost 127.0.0.1:443> > ServerName backend > ## Whatever ### > </VirtualHost> > > Then, when the reverse-proxy receives a request-line like : > GET /index.php HTTP/1.1 > Host: reverse-proxy > ... > > It forwards this one(s) to the backend : > > CONNECT backend:443 HTTP/1.0 > < HTTP/1.0 200 Established > < SSL stream now (note the full URL in the request-line) > > GET https://backend/index.php HTTP/1.1 > Host: backend > ... > > I agree that ProxyRemote is supposed to be a forward proxy (hence the > full URL when requesting plain HTTP through it, with GET > http://backend/index.php HTTP/1.1), but the final backend is not (and > may even refuse full URLs, which is actually a case I'm facing).
IMHO this is a flaw of the backend as IMHO full URL's are allowed also in non proxy cases by the RFC. Regards Rüdiger
