Hi, On Thu, Sep 30, 2010 at 03:55:55PM +0100, Lars Hupel wrote: > My expectation would be that the proxy server uses the host name given > after GET (or CONNECT) to regulate access control (and to forward it as > 'new' Host header) and the Host header to disambiguate between multiple > virtual hosts (e. g. like in my case with a configuration where a normal > web server and a proxy server have the same IP address and are > represented by two different Apache virtual hosts). With that, both host > fields would serve different purposes and wouldn't be redundant.
Have you been able to figure out how Apache handles this? Is it using
the Host: header in CONNECT requests for anything, and if yes, what should
be in there? Is that documented anywhere?
To see how "other software" does this, I've tcpdumped firefox going
to a SSL secured banking site, and that's what it does...:
CONNECT banking.postbank.de:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9) Gecko/20100927
Gentoo Firefox/3.6.9
Proxy-Connection: keep-alive
Host: banking.postbank.de
- so indeed, the Host: header is redundant and somewhat useless here.
Soo...: I ACK the proposed patch as well. It does the same what web browsers
do (no matter how useful or not it might be), the code has no quality issues
and conforms to OpenVPN coding conventions.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpp9fUhW1d1o.pgp
Description: PGP signature
