DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=36468>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=36468 Summary: proxy_http doesn't set the hostname when doing reverse proxy Product: Apache httpd-2.0 Version: 2.0.54 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When doing a reverse proxy the proxy client connection remote_host field isn't populated. Since this is already available as a result of the ProxyPassReverse entry it makes sense to pass this on. Otherwise a client that may want this hostname value has no access to it until the request is being processed and in the case of an input filter that does something like SSL may be too late. SSL connections should compare the requested hostname value with the certificate subject returned by remote server. This is the only protection against man-in-the-middle attacks. Once mod_proxy populates this field then SSL connections can do this comparison. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
