On Thu, Aug 11, 2016 at 6:56 PM, William A Rowe Jr <[email protected]> wrote: > > I haven't dug terribly deeply into the proxy mechanics yet, but the same > parser for headers is used for response header processing as well as the > request processing.
They don't share the same code, though, ap_proxy_read_headers() would need the same "strictification" than ap_get_mime_headers(_ex)() currently, or be replaced by the latter. > It seems that the two need some potentially different > rulesets. If you are running a forward proxy, you would want to be quite > strict about the responses. If you are only a gateway of trusted backend > servers and apps, you might want to be more tolerant (although Roy and > Jim may disagree with me on this.) +1, behind 2.2 proxies (but possibly 2.4 too), there are some outdated backends/applications (supporting SSLv3 only...) that don't receive many (if any) maintenance but just work, and for that reason where placed behing a proxy.
