proxy_http.c:966
/* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be
* suppressed if THIS server requested the authentication,
* not when a frontend proxy requested it!
*
* The solution to this problem is probably to strip out
* the Proxy-Authorisation header in the authorisation
* code itself, not here. This saves us having to signal
* somehow whether this request was authenticated or not.
*/
|| !strcasecmp(headers_in[counter].key,"Proxy-Authorization")
|| !strcasecmp(headers_in[counter].key,"Proxy-Authenticate")) {
I think this code denies any connection to a Forward-Proxy with
Proxy-Authorization even if I try to fake the Proxy-Authorization
Header with mod_headers (RequestHeader).
I know that the Proxy-Authorization Header is a Hop-to-Hop Header
that should be filtered. But the apache is neither able to send a
407 Response nor able to verify the Proxy-Authorization Header.
So I think it would be the best to pass through the Proxy-Authorization
Header.
If this is not possible, it would be nice to have something like
ProxyRemote * http://proxy-user:[EMAIL PROTECTED]
Regards,
Hendrik
--
----------------------------------------------------------
Hendrik Harms
