Hi folks, I came across an old issue that was discussed previously under "SSLProxyCheckPeerCN / ProxyPreserveHost issue": http://mail-archives.apache.org/mod_mbox/httpd-dev/201209.mbox/%3c50462600.7010...@kippdata.de%3E
However, I think I have found a legitimate use-case where I do want Apache to behave in the old way. I've detailed the use case in this new bugzilla issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=54656 Assuming that the new behavior since 2.4.3 will be the default going forward, I'm proposing a new directive [1] which would allow Apache in reverse proxy to use the connection hostname for SNI and SSLProxyCheckPeerCN instead of the Host: header. This directive will be added when ProxyPreserveHost is on. I'm curious what your thoughts are on the use case and this proposed directive. Eugene [1] https://issues.apache.org/bugzilla/attachment.cgi?id=30029 (I forgot to add a text extension, so please save it before opening)