On Tue, Jul 11, 2017 at 1:41 PM,  <jfcl...@apache.org> wrote:
> Author: jfclere
> Date: Tue Jul 11 11:41:44 2017
> New Revision: 1801594
>
> URL: http://svn.apache.org/viewvc?rev=1801594&view=rev
> Log:
>
> Add logic to read the Upgrade header and use it in the response.
> Use we you are proxying to a server that has multiple upgrade on the same 
> IP/Port.
> PR 61142

I think it's quite hazardous to use/allow ANY and would prefer the
upgrade_method (worker->s->upgrade) to be a list of acceptable
protocols.

The admin surely knows which protocol(s) the backend supports, the
issue being that otherwise most backends will ignore the Upgrade and
hence the connection will continue in normal HTTP (tunneled w/o any
protocol checking).

IMO the Upgrade handling should be part of mod_proxy_http (not
_wstunnel) and depend on whether or not the backend accepted it.

It was already discussed in [1], well, I can't say that the idea was
unanimous at that time...
The proposed patch there is probably outdated now, but I still find it
safer than what we have now.

Regards,
Yann.

[1] https://www.mail-archive.com/dev@httpd.apache.org/msg66204.html

Reply via email to