Apache httpd as reverse proxy in front of Tomcat 10.1 - Different Connectors vs. HTTP request smuggling

Hello, I have some questions about HTTP request smuggling in the context of Tomcat with Apache httpd as its reverse proxy. First of all, a few words about my current setup: At the moment I have a few applications that are deployed this way: I use Tomcat 10.1 as my backend server. It only

Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

5 May 2023 18:21:02 Alvaro Garay : Hi, Tomcat version: 9.0.73 Operating system: Unix z/OS System I have a question in regard to the Connector attribute allowHostHeaderMismatch=false which checks the request line is consistent with the Host Header. So in this scenario, I have the

Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

Hi, Tomcat version: 9.0.73 Operating system: Unix z/OS System I have a question in regard to the Connector attribute allowHostHeaderMismatch=false which checks the request line is consistent with the Host Header. So in this scenario, I have the request line using the absolute path with a