| Jim Hatfield 2005-10-24, 10:31 am |
| I've been using ProxyPass and ProxyPassReverse to provide controlled
access from the Internet to an internal server on a private address.
Only selected URI's are proxied and this works very well.
However I noticed quite by chance that even without the ProxyPassReverse
directive, Apache is still rewriting the Location header.
The target server sends back a Location header which does not have a
protocol or hostname, ie:
>Location: /something. jsp;jessionid=ALDSKFJALASLFASJFASLDFJASL
KDJFA
With ProxyPassReverse, this is rewritten to have http:// and the
hostname of the proxy on the front - as expected.
Without ProxyPassReverse, it is still rewritten, but this time it
has http:// and the hostname of the target server.
It would be convenient for me if without the ProxyPassReverse line
it were not rewritten at all, and I'm curious as to why it is. I
would have thought that without any rewriting the client would
connect back using the protocol and hostname used for the initial
connection, which would be OK.
I assume the reason is that the Location header as returned by
the target server does not comply with the HTTP protocol spec, which
mandates an absolute URI - but given that it seems to work it
would be nice if it were left alone.
--
Jim Hatfield
|