> I would have to disagree with whether Host: headers should be required, > given that the HTTP/1.1 specification explicitly says [RFC2616]: > > "All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad > Request) status code to any HTTP/1.1 request message which lacks a Host > header field." > > The client also "MUST" send a Host: header in every request, it is not > an optional field. Changing only the version number on the CONNECT line > OpenVPN sends does not make it a real HTTP/1.1 request.
I would second that and therefore consider this behaviour as a bug. Additionally, my setup requires to have all VirtualHosts on Port 80, so without the header an effective disambiguation is impossible. Lars
smime.p7s
Description: S/MIME Cryptographic Signature
