Bug 57139

Summary: mod_proxy uses wrong Host header when using an HTTPS proxy
Product: Apache httpd-2 Reporter: Szabolcs Gyurko <szabolcs>
Component: mod_proxyAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal CC: hendrik.harms
Priority: P2 Keywords: FixedInTrunk, PatchAvailable
Version: 2.4.10   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Attachments: PatchAvailable

Description Szabolcs Gyurko 2014-10-24 18:00:17 UTC
When using mod_proxy and SSL backend with through a proxy, mod_proxy generates the wrong Host header.

1.) define a proxy using ProxyRemote (e.g.: ProxyRemote https://backend.com http://myproxy:8080
2.) Use ProxyPass to pass a connection to https://backend.com (e.g.: ProxyPass /mypath https://backend.com/target.path

mod_proxy will properly generate the HTTP CONNECT method but will use the proxy's hostname in the SSL request.

This causes the backend (another httpd for instance) refuse the connection.
Comment 1 Szabolcs Gyurko 2014-10-24 18:03:30 UTC
Created attachment 32144 [details]
PatchAvailable

This patch fixes the overridden Host header. The override happens when the code adds the HTTP CONNECT method prepending the request. The code later uses the proxy's (defined by ProxyRemote) host inside the SSL request.
Comment 2 Ruediger Pluem 2014-10-24 19:01:22 UTC
Thanks for the patch. Committed to trunk as r1634120.
Comment 3 Yann Ylavic 2015-02-25 16:58:23 UTC
Backport to 2.4.x proposed in r1662261.
Comment 4 Yann Ylavic 2015-04-24 20:04:54 UTC
Backported to 2.4.12 in r1673941.