On 23.04.2012 17:11, Michael Weiser wrote: > I don't think so: I'm not directing the Proxy to connect to a different > host. I just make it send different SNI data to the configured backend > server and accept a different CN in the server's certificate.
I guess it boils down to the question of what the semantics of ProxyPass are / should be. Currently, the docs say (for 2.0/2.2./2.4): > This directive allows remote servers to be mapped into the space of > the local server; the local server does not act as a proxy in the > conventional sense, but appears to be a mirror of the remote server. > _path_ is the name of a local virtual path; _url_ is a partial URL for > the remote server and cannot include a query string. With the patch you proposed in PR 53134, the docs about ProxyPass would have to be amended with something like: "If ProxyPreserveHost is turned on, the host component of _url_ is used to determine what host to connect to at the network layer, but is otherwise ignored (only the scheme and path components are taken into account)." Whether that is desired or not probably depends on a judgement of possible use cases. As far as I'm concerned, I'm not convinced that there are really good reasons for "playing the ProxyPreserveHost trick" (neither for https nor for http, actually), but YMMV. Kaspar