Bug 36468 - proxy_http doesn't set the hostname when doing reverse proxy
Summary: proxy_http doesn't set the hostname when doing reverse proxy
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy (show other bugs)
Version: 2.0.54
Hardware: All Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2005-09-02 00:59 UTC by Rob Crittenden
Modified: 2010-05-13 10:57 UTC (History)
0 users



Attachments
copy the hostname into the client connection structure (440 bytes, patch)
2005-09-02 01:00 UTC, Rob Crittenden
Details | Diff
copy the hostname into the client connection structure (628 bytes, patch)
2010-05-11 13:08 UTC, joshkayse
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Rob Crittenden 2005-09-02 00:59:29 UTC
When doing a reverse proxy the proxy client connection remote_host field isn't
populated. Since this is already available as a result of the ProxyPassReverse
entry it makes sense to pass this on.

Otherwise a client that may want this hostname value has no access to it until
the request is being processed and in the case of an input filter that does
something like SSL may be too late. 

SSL connections should compare the requested hostname value with the certificate
subject returned by remote server. This is the only protection against
man-in-the-middle attacks. Once mod_proxy populates this field then SSL
connections can do this comparison.
Comment 1 Rob Crittenden 2005-09-02 01:00:20 UTC
Created attachment 16280 [details]
copy the hostname into the client connection structure
Comment 2 Nick Kew 2007-08-29 17:23:54 UTC
Rob, is this still applicable to 2.2?
Comment 3 Rob Crittenden 2007-08-30 07:46:44 UTC
Yes, it is still a problem in 2.2.4.
Comment 4 Nick Kew 2007-09-10 06:00:54 UTC
Do you fancy updating the patch for 2.2?  I'm guessing you have a backend that
looks for the header, so you'll be better-equipped to try it than I am.
Comment 5 joshkayse 2010-05-11 13:08:43 UTC
Created attachment 25428 [details]
copy the hostname into the client connection structure

this patch applies to 2.2.15 and has been tested to fix the bug
Comment 6 joshkayse 2010-05-11 13:09:29 UTC
i added a patch from rob
Comment 7 Rob Crittenden 2010-05-13 10:57:11 UTC
This is fixed upstream (circa 2.2.12). mod_proxy sets the "proxy-request-hostname" note in r->connection->notes with the hostname ofthe backend.

I'm working on changing mod_nss to use this instead (bug https://bugzilla.redhat.com/show_bug.cgi?id=591224)