Strip hop-by-hop headers in proxy response

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@580044 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index ad3ccc9327b8151fe39c27dbbe86e40b61c7e866..ef83f5144144a7e6f0a170b7fce34b1acb8cd708 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_proxy_http: strip hop-by-hop response headers
+     PR 43455 [Nick Kew]
+
   *) HTTP protocol: Add "DefaultType none" option.
      PR 13986 and PR 16139 [Nick Kew]
 

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 9e7a0e2c32af017b2cc3c9003252fea4e8d3d96f..244286be310b536a8413ce16e69992900efd3534 100644 (file)
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1229,6 +1229,9 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
     int pread_len = 0;
     apr_table_t *save_table;
     int backend_broke = 0;
+    static const char *hop_by_hop_hdrs[] =
+        {"Keep-Alive", "Proxy-Authenticate", "TE", "Trailers", "Upgrade", NULL};
+    int i;
 
     bb = apr_brigade_create(p, c->bucket_alloc);
 
@@ -1369,6 +1372,11 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
             }
             ap_proxy_pre_http_request(origin,rp);
 
+            /* Clear hop-by-hop headers */
+            for (i=0; hop_by_hop_hdrs[i]; ++i) {
+                apr_table_unset(r->headers_out, hop_by_hop_hdrs[i]);
+            }
+
             /* handle Via header in response */
             if (conf->viaopt != via_off && conf->viaopt != via_block) {
                 const char *server_name = ap_get_server_name(r);