https://issues.apache.org/bugzilla/show_bug.cgi?id=55866
--- Comment #4 from Yann Ylavic <[email protected]> --- The proxy is requesting front.example.com but gets a certificate from back.example.com, how could it validate the peer's CN positively? Isn't back.example.com the man-in-the-middle? When ProxyPreserveHost is on, the host part of the ProxyPass's URL is used only to resolve the IP address (which could be used there instead, with no difference). Contrariwise, if one uses ProxyPreserveHost because the/some backend uses the same Host as the requested one, should the check fail because (s)he sets an IP address (or a private hostname) in the ProxyPass? When ProxyPreserveHost is on, either a new directive has to be added to select the expected peer's hostname (Host vs ProxyPass, bug 54656), or the current behaviour be applied. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
