DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25947>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25947 mod_proxy: illegal remove of Proxy-Authorization header in reverse proxy mode Summary: mod_proxy: illegal remove of Proxy-Authorization header in reverse proxy mode Product: Apache httpd-2.0 Version: 2.0.48 Platform: All URL: http://www.evidian.com OS/Version: All Status: NEW Severity: Major Priority: Other Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Apache/httpd (2.0.48 in our case)/mod_proxy always remove the Proxy-Authorization header from the HTTP request issued to an origin server. This is HTTP compilant if the server behaves as a forward proxy (it should not follow authorization information that what intended to itself). But this is not correct if the server behaves as a reverse proxy. Indeed the client part of the reverse proxy should be allowed to issue an HTTP request containing a Proxy-Authorization header to the next-in-chain forward proxy. We set the severity as major since this bug makes impossible to use Apache as a reverse proxy in an infrstaructure where the use of a forward proxy is mandatory (which is quite a common case). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
