[squid-users] reverse proxies and Host request header

Amos Jeffries squid3 at treenet.co.nz
Fri Jun 12 22:29:24 UTC 2015


On 13/06/2015 2:08 a.m., Julianne Bielski wrote:
> I have a general question about the use of the http Host request header by
> reverse proxies.
> 
> As I understand it, the Host request header is used by transparent forward
> proxies as a way to route a request to the correct
> origin server since, unlike with an explicit proxy, the host is not
> included in the URI portion of the http method line.
> 
> However, reverse proxies are always "transparent" from the perspective of
> the client and the Host header is often used by the proxy
> to map to the correct back end origin server.

The term "transparent" has been overloaded so much its meaningless by
itself.

Beyond what you are asking and Anthony already answered well. There is
the key difference of DNS involvement between reverse and interception
proxy.

A DNS lookup is used by the client to find and explicitly contact the
reverse proxy. The proxy is able to use that as a guarantee that if the
Host header does not contain a name its pre-configured for handling,
that it can/must reject the request entirely.

The same guarnatee for reverse proxies allows it make free use of all
the origin server features of HTTP without causing security problems to
the client/user. Thus the long list of problems at
<http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Concepts_of_Interception_Caching>
does not apply to reverse proxies.

Amos



More information about the squid-users mailing list