On 28 Nov 2011, at 00:37, Stefan Fritsch wrote: > * With 'ProxyRequests off', we accept absolute urls like http://hostname/path > for local requests, but we don't check that the hostname contained in it > actually matches the Host header if there is one. The hostname from the URI > is then used for vhost matching and put into r->hostname. This is mandated by > RFC2616 but I guess there are quite a few buggy webapps that always look into > the Host header. A workaround may be to set the Host header to the hostname > from the URI in this case.
I'd sooner see a 400 response. Are there any circumstances where mismatch is required / sent by a current client? Some tolerance might be required, for example if the request line specifies a port but the Host: header does not. -- Tim Bannister — is...@jellybaby.net
