W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: Reverse Proxy Header Munging

From: John C. Mallery <jcma@ai.mit.edu>
Date: Wed, 15 Oct 2003 17:18:55 -0400
Message-Id: <p05210604bbb35ff37661@[128.52.39.83]>
To: Peter Watkins <peterw@usa.net>
Cc: Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org

At 15:20 -0400 10/15/03, Peter Watkins wrote:
>John C. Mallery wrote:
>
>>So, what happens if there is more than one reverse proxy in the chain?
>>
>>X-Forwarded-For looks like the ip number of the reverse proxy.
>>
>>X-Forwarded-server looks like the  virtual host (potentially), as you suggest.
>>
>>What is not clear to me is why Apache can't just pass through the HOST header as
>>received and use the VIA header to convey the reverse proxy information to the
>>upstream server.
>>
>>Why is a reverse proxy any  different than a forward proxy? Shouldn't the
>>VIA header do the job? Do we really need to differentiate the IP number from
>>the server domain? Shouldn't the later suffice?
>
>These sound more like Apache/implementation questions than IETF/HTTP spec questions. Why does Apache, from your research, apparently send a different Host header? I could speculate[0] but I'm not sure this is an appropriate forum for discussing this particular behavior.

Hi Peter,

Actually this is more like a HTTP WG issue because the area of reverse proxies is
a dark corner in the standards, where interoperability can be problematic.

Here, we have one example implementation. But, I note that if the reverse proxy is performing
SSL encapsulation for the upstream server, the set of headers provided to the upstream server
is insufficient for it to realize that https URLs should be generated for any redirects to
urls serves through that gateway.

It would seem that lack of guidance from standards is leading to problems.
Received on Wednesday, 15 October 2003 17:19:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT