httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <>
Subject [users@httpd] ProxyPreserveHost doesn't work with SSL
Date Fri, 01 Jul 2016 16:26:14 GMT
Dear all,

I'm reverse proxying requests on Apache/2.4.18 (stock version on Ubuntu 
16.04) via SSL to an application running on IIS 7.0. Somehow, despite 
ProxyPreserveHost, IIS app manages to sniff IP-address 
specified in ProxyPass (see below) and breaks. If I replace 
with and put "" in /etc/hosts everything 
works (but I don't like the solution).

Because of SSL the problem is somewhat hard to debug, can't just packet 
trace. I tried to replace IIS application with CGI script on different 
Apache, without SSL, and found that ProxyPreserveHost is not ignored 
(environment variable SERVER_NAME set correctly to I guess 
for SSL the ProxyPreserveHost is implemented partially, i.e. for Host 
header but not for SNI. Any ideas on how to investigate?

Here's the complete virtualhost configuration:
<VirtualHost *:443>

     SSLEngine on
     SSLCertificateFile  /etc/ssl/certs/myapp.pem
     SSLCertificateKeyFile /etc/ssl/private/myapp.key

     SSLProxyEngine on
     SSLProxyProtocol all
     SSLProxyCipherSuite ALL
     SSLProxyVerify none
     SSLProxyCheckPeerCN off
     SSLProxyCheckPeerName off
     SSLProxyCheckPeerExpire off

     <Location />
         ProxyPreserveHost on
         ProxyPass connectiontimeout=300 timeout=300
         ProxyPassReverse /


With Best Regards,
Marat Khalili

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message