Bug 57139 - mod_proxy uses wrong Host header when using an HTTPS proxy
Summary: mod_proxy uses wrong Host header when using an HTTPS proxy
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy (show other bugs)
Version: 2.4.10
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2014-10-24 18:00 UTC by Szabolcs Gyurko
Modified: 2015-04-24 20:04 UTC (History)
1 user (show)



Attachments
PatchAvailable (719 bytes, patch)
2014-10-24 18:03 UTC, Szabolcs Gyurko
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Szabolcs Gyurko 2014-10-24 18:00:17 UTC
When using mod_proxy and SSL backend with through a proxy, mod_proxy generates the wrong Host header.

1.) define a proxy using ProxyRemote (e.g.: ProxyRemote https://backend.com http://myproxy:8080
2.) Use ProxyPass to pass a connection to https://backend.com (e.g.: ProxyPass /mypath https://backend.com/target.path

mod_proxy will properly generate the HTTP CONNECT method but will use the proxy's hostname in the SSL request.

This causes the backend (another httpd for instance) refuse the connection.
Comment 1 Szabolcs Gyurko 2014-10-24 18:03:30 UTC
Created attachment 32144 [details]
PatchAvailable

This patch fixes the overridden Host header. The override happens when the code adds the HTTP CONNECT method prepending the request. The code later uses the proxy's (defined by ProxyRemote) host inside the SSL request.
Comment 2 Ruediger Pluem 2014-10-24 19:01:22 UTC
Thanks for the patch. Committed to trunk as r1634120.
Comment 3 Yann Ylavic 2015-02-25 16:58:23 UTC
Backport to 2.4.x proposed in r1662261.
Comment 4 Yann Ylavic 2015-04-24 20:04:54 UTC
Backported to 2.4.12 in r1673941.