On Tue, Jul 11, 2017 at 1:41 PM, <[email protected]> wrote: > Author: jfclere > Date: Tue Jul 11 11:41:44 2017 > New Revision: 1801594 > > URL: http://svn.apache.org/viewvc?rev=1801594&view=rev > Log: > > Add logic to read the Upgrade header and use it in the response. > Use we you are proxying to a server that has multiple upgrade on the same > IP/Port. > PR 61142
I think it's quite hazardous to use/allow ANY and would prefer the upgrade_method (worker->s->upgrade) to be a list of acceptable protocols. The admin surely knows which protocol(s) the backend supports, the issue being that otherwise most backends will ignore the Upgrade and hence the connection will continue in normal HTTP (tunneled w/o any protocol checking). IMO the Upgrade handling should be part of mod_proxy_http (not _wstunnel) and depend on whether or not the backend accepted it. It was already discussed in [1], well, I can't say that the idea was unanimous at that time... The proposed patch there is probably outdated now, but I still find it safer than what we have now. Regards, Yann. [1] https://www.mail-archive.com/[email protected]/msg66204.html
