On Mon, Sep 27, 2010 at 02:22:00PM +0200, Jan Just Keijser wrote: > ah right, now I see... hmmm 'Host: ...' headers should not be required > by a web server and with apache's Virtual Hosts you can override this using
I would have to disagree with whether Host: headers should be required, given that the HTTP/1.1 specification explicitly says [RFC2616]: "All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field." The client also "MUST" send a Host: header in every request, it is not an optional field. Changing only the version number on the CONNECT line OpenVPN sends does not make it a real HTTP/1.1 request. (From what I can tell, and based on a very quick test, the string "_default_" in an Apache <VirtualHost> config also only matches unlisted IP addresses, and does not change how it processes HTTP requests that claim to be version 1.1 but aren't.) -- Heikki Kallasjoki heikki.kallasj...@iki.fi