When a proxied site was being served, Apache was replacing

the original site Server header with it's own, which is not
allowed by RFC2616. Fixed.
PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94133 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index a5dfd288e8284039e6ed923ae92f98cf80682200..f045f9db9fd231443fc3c283dff5e52c2729ea6a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.34-dev
 
+  *) When a proxied site was being served, Apache was replacing
+     the original site Server header with it's own, which is not
+     allowed by RFC2616. Fixed. [Graham Leggett]
+
   *) Fix a mod_cgid problem that left daemon processes stranded
      in some server restart scenarios.  [Jeff Trawick]
 

diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index f80ec770aa53207f369d599c2ddfccfcd09d823f..8b5a18ffddb60ec5413105db47537cdbc43eae34 100644 (file)
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1005,6 +1005,7 @@ static void basic_http_header(request_rec *r, apr_bucket_brigade *bb,
 {
     char *date;
     char *tmp;
+    const char *server;
     header_struct h;
     apr_size_t len;
 
@@ -1026,8 +1027,17 @@ static void basic_http_header(request_rec *r, apr_bucket_brigade *bb,
     h.pool = r->pool;
     h.bb = bb;
     form_header_field(&h, "Date", date);
-    form_header_field(&h, "Server", ap_get_server_version());
 
+    /* keep a previously set server header (possibly from proxy), otherwise
+     * generate a new server header */
+    if (server = apr_table_get(r->headers_out, "Server")) {
+        form_header_field(&h, "Server", server);
+    }
+    else {
+        form_header_field(&h, "Server", ap_get_server_version());
+    }
+
+    /* unset so we don't send them again */
     apr_table_unset(r->headers_out, "Date");        /* Avoid bogosity */
     apr_table_unset(r->headers_out, "Server");
 }