https://bz.apache.org/bugzilla/show_bug.cgi?id=62233
Bug ID: 62233
Summary: Duplicate headers sent on forbidden page with
mod_proxy
Product: Apache httpd-2
Version: 2.4.29
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_headers
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Apache is being used as a reverse proxy. Normal requests only one header is
returned.. however when a 403 is returned I am getting duplicate headers.
Apache configuration similar to the following.
<VirtualHost *:443>
ServerName site-a.example.com
Header always set Strict-Transport-Security "max-age=31536000;
includeSubDomains"
On a normal request I only receive one header.. on a 403 I get the following:
curl.exe -I --head -k https://site-a.example.com/page/a
HTTP/1.1 403 Forbidden
Date: Thu, 29 Mar 2018 16:24:14 GMT
Server: Apache/2.4.29 (Win64) OpenSSL/1.1.0g
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: close
Content-Type: text/html; charset=iso-8859-1
I tried removing "always" to see if that would fix it but then I receive no
headers on the request. I then tried setifempty and still did not get a
header..
HTTP/1.1 403 Forbidden
Date: Thu, 29 Mar 2018 16:28:03 GMT
Server: Apache/2.4.29 (Win64) OpenSSL/1.1.0g
Connection: close
Content-Type: text/html; charset=iso-8859-1
in order to check that both headers were being duplicated by apache I modified
the header and both were changed.
For some reason it seems apache is appending the headers instead of overwriting
them..
Please let me know if you have any questions..
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
