On Thu, 21 Jun 2018, Дилян Палаузов wrote:

Hello,

Nginx, being a proxy, removes the ETag when sub(stitutions) are involved (https://forum.nginx.org/read.php?2,242807,242809#msg-242809).

If Nginx is used as a proxy and it returns ETags on GET, then most probably the backend already runs on https and has the right hostname, so that nginx doesn't need any rewritings.

Now, if a client sends a Forwarded header and httpd, not being behind a reverse proxy, interprets it, replacing the schema and hostname in the answer, e.g. the URL: in a /freebusy/user/... request, then the behaviour of httpd in interpreting the header will be correct: the client asked for trouble and got trouble. The trouble, however, will not happen if httpd is behind a proxy and the proxy inserts Forwarded, as only the last Forwarded is supposed to be interpreted. Ignoring Forwarded in this case, as is anyway now the case, is also correct.

So I propose removing the checks in imap/http_proxy.c:http_proto_host() for config_mupdate_server and proxyservers.

Wouldn't that break in a murder configuration? proxyservers is how the backend httpd server knows it's an authorized frontend proxy connecting to it.

Dave
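
An added illustration of the trade-off discussed in this thread, not code from Cyrus IMAP or from either poster: a server takes the scheme and host from the last Forwarded element (RFC 7239) only when the connecting peer has already been authorised as a frontend proxy. The names `request_origin`, `get_param`, `last_element` and the `peer_is_proxy` flag are hypothetical, and the header values are constructed samples.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Last element of a Forwarded value (RFC 7239); quoted commas don't split. */
static const char *last_element(const char *hdr)
{
    const char *last = hdr;
    for (int q = 0; *hdr; hdr++) {
        if (q && *hdr == '\\' && hdr[1]) hdr++;      /* skip escaped char */
        else if (*hdr == '"') q = !q;
        else if (*hdr == ',' && !q) last = hdr + 1;
    }
    return last;
}

/* Copy parameter `name` of one element into out; returns 1 if present. */
static int get_param(const char *p, const char *name, char *out, size_t len)
{
    size_t nlen = strlen(name), n = 0;
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == ';') p++;
        int q = 0, match = !strncasecmp(p, name, nlen) && p[nlen] == '=';
        if (match) p += nlen + 1;
        for (; *p && (q || *p != ';'); p++) {
            if (*p == '"') { q = !q; continue; }
            if (q && *p == '\\' && p[1]) p++;        /* quoted-pair */
            if (match && n + 1 < len && (q || *p != ' ')) out[n++] = *p;
        }
        if (match) { out[n] = '\0'; return 1; }
    }
    return 0;
}

/* Hypothetical gate; peer_is_proxy is an assumed, already-made trust decision. */
int request_origin(int peer_is_proxy, const char *fwd, const char *own_proto,
                   const char *own_host, char *proto, char *host, size_t len)
{
    snprintf(proto, len, "%s", own_proto);           /* server's own view */
    snprintf(host, len, "%s", own_host);
    if (!peer_is_proxy || !fwd) return 0;            /* untrusted: ignore */
    fwd = last_element(fwd);                         /* nearest proxy's entry */
    return get_param(fwd, "proto", proto, len) | get_param(fwd, "host", host, len);
}

int main(void)
{
    char pr[64], ho[64];                             /* constructed sample */
    request_origin(1, "for=a;host=x.test, proto=https", "http", "be.test", pr, ho, 64);
    return printf("%s://%s\n", pr, ho) < 0;
}
```

With the sample in `main`, the `host` from the earlier element is not used, because only the last element is read.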
