Hello Dave, to what I see the Forwarded header is used by httpd only to generate correct URLs in the responses.
Moreover, adding for= to Forwarded: in write_forwarding_hdrs, that is never used, is kind of overengineering. Greetings Дилан On June 21, 2018 8:19:04 PM GMT+02:00, Dave McMurtrie <dav...@andrew.cmu.edu> wrote: >On Thu, 21 Jun 2018, Дилян Палаузов wrote: > >> Hello, >> >> Nginx being proxy removes the Etag when sub(stutions) are involved >> (https://forum.nginx.org/read.php?2,242807,242809#msg-242809). >> >> If Nginx is used as proxy and it returns ETags on GET, then most >> probably the backend runs already on https and has the right >hostname, >> so that nginx doesn't need any rewritings. >> >> Now, if a client sends Forwarded header and httpd, not being behind a > >> reverse proxy, interprets it, replacing the schema and hostname in >the >> answer, e.g the URL: in /freebusy/user/... request, then the >behaviour >> of httpd by interpreting the header will be correct: the client asked > >> for troubles and got troubles. The troubles however do will not >happen >> if httpd is behind a proxy and the proxy inserts Forwarded, as only >the >> last Forwarded is supposed to be interpreted. Irgnoring in this case > >> Forwarded, as this is anyway now the case, is also correct. >> >> So I propose removing the checks in >imap/http_proxy.c:http_proto_host() >> for config_mupdate_server and proxyservers. > >Wouldn't that break in a murder configuration? proxyservers is how the > >backend httpd server knows it's an authorized frontend proxy connecting >to >it. > >Dave