On Sat, 14 Dec 2013 10:25:00 +0100 Kaspar Brand <httpd-dev.2...@velox.ch> wrote:
> On 14.12.2013 09:36, William A. Rowe Jr. wrote:
> ProxyPass is not involved in the SSL forward proxy case at all, as I
> already tried to point out.

Good, we've finally agreed. This entire thread has been on forward proxy, so I'm glad you've decided to stop delving into the ProxyPass side of this misbehavior.

> Just unload mod_proxy_http and mod_ssl
> from the configuration, and you'll find that forward proxying https://
> requests continues to work perfectly, i.e. is completely unaffected by
> any code in these two modules (mod_proxy_connect is all it takes)

I'm just wondering two days later if I'm the only one struck by the madness of insisting 'httpd can only do one thing at once', or whether I'm one of many who were too taken aback to respond yet. One thing httpd has done for years is 'walk and chew gum at the same time', and done it well.

If you are actually arguing for retaining a defect on the basis that it is acceptable to require the user drop modules used by other hosts running in the same process, I'm pretty sure your solution is not acceptable to the PMC of this project.

The user-agent must use an https CONNECT from the user agent to the proxy server (using mod_ssl) lest the entire office/floor/IT ops center sniff that traffic off the wire. Your solution is devoid of any sense of logic or security.