https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #7 from Bill Barker <billbar...@apache.org> --- (In reply to Christopher Schultz from comment #6) > (In reply to Bill Barker from comment #5) > > Ok, so I miss read the spec. After reading the spec again, I have lost all > > interest in this issue. > > I'm curious: does this simply not interest you, or do you actively think > this is a bad idea, in general, or a bad idea to implement in Tomcat? It just doesn't interest me to support such low-grade proxy servers. Other then that they are popular on a certain well-known hosting site, it doesn't seem worth my effort. If I thought it was a bad idea then I would have expressed a vote. But if this is an itch that somebody wants to scratch, by all means scratch away :). I haven't been able to see how to theoretically break this if it is implemented properly according to the spec, as long as you also have a competent network admin (which presumably applies to the above-mentioned well-known hosting site). If I can sit as man-in-the-middle before the proxy and inject my own "PROXY ..." line, then Tomcat gets two such lines (assuming the proxy is working properly) and mine is rejected just like Tomcat does now. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org