bneradt commented on pull request #8465: URL: https://github.com/apache/trafficserver/pull/8465#issuecomment-957921830
> This breaks TLS connections to a forward proxy for http:// URLs from remote users: > > ``` > curl -v --proxy 'https://proxy.example.com:8081/' http://example.org/ > ``` > > results in a 400 Bad Request and will log > > ``` > [date] [ET_NET 1] DEBUG: <HttpSM.cc:889 (state_read_client_request_header)> (http) scheme [http] vs. protocol [tls] mismatch > ``` > > One can complicate with authentication and so on, but the idea is that the client can keep local prying eyes from seeing its http requests to the proxy. > > If this is deliberate, and the intention is not to make it possible to override, then it should probably be documented. Thank you for this observation @rottegift. I added test coverage for this forward proxy scenario here: https://github.com/apache/trafficserver/pull/8485 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
