>Number: 3912
>Category: general
>Synopsis: Apache adds Content-Location with ProxyPass
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Feb 17 14:10:00 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.3
>Environment:
RedHat Linux 5.2, apache 1.3.3 from RedHat rpm-package.
apache-1.3.3-1, glibc-2.0.7-29
>Description:
We are using apache and ProxyPass to hide the thing that our (and our
custommers) websites have been split to several servers. ProxyPass is fine for
this, except that it does not work correctly on this architecture.
Parts of site are on Microsoft IIS server (yuck), and other parts on apache
server running on Linux
When we are using ProxyPass on apache server (1.3.4 running solaris) without
any virtual-hosts everything runs fine.
But when I tried this same thing on RedHat Linux 5.2 (apache 1.3.3) problems
exist.
When client requests url from this site apache adds lots of headers to those
what IIS has generated (apache running on solaris does not add these headers)
These headers include Content-Location, which reveals information about servers
(this address is from private address-space, so it does not work from outside
world)
Lynx uses this content-location header to generate URLs of links. So lynx-users
are unable to browse those pages.
This server has Name-based virtual hosts in use.
>How-To-Repeat:
http://kamera.kpo.fi/bmstest/
>Fix:
no.
Header unset Content-Location does not fix this.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
