Ken Murchison murch at
Wed Jun 20 13:10:45 EDT 2018

On 06/20/2018 12:23 PM, Dilyan Palauzov wrote:
> Hello,
> I want to run cyrus-httpd behind proxy, making it to listen to 
>  It then sends on /freebusy/user/me URL: 
> , which I don't want.  If I tweak 
> the front-end, nginx, to rewrite -> my hostname, Nginx is 
> smart enough and removes the ETags sent by cyrus/httpd, so this 
> approach does not work.
> Then I decided to insert "Forwarded: host=my host; proto=https" 
> header, however imap/http_proxy.c:http_proto_host handles the 
> Forwarded header only
>     if (config_mupdate_server && config_getstring(IMAPOPT_PROXYSERVERS) &&
>         (fwd = spool_getheader(req_hdrs, "Forwarded"))) {
>         /* Proxied request - parse last Forwarded header for proto and host */
> What is the rationale behind interpreting Forwarded only when 
> mupdate_server and proxyservers are set?

I don't recall if I had any specific reason in mind when I added that 
check.  The downside of removing the check is that a client can do as 
you plan to and can cause the server to change URLs in replies.  I'm not 
a security expert, but this seems like something we don't allow a client 
to do.

I know that we (FastMail) run Cyrus behind nginx and this hasn't become 
an issue, unless our ops guys have patched Cyrus or found a different 
way to handle this in Nginx.  Bron may know, once he wakes up.

Ken Murchison
Cyrus Development Team
FastMail US LLC
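
An added example, not part of the original message and not Cyrus code: one way to resolve the trade-off discussed above is to honour the last Forwarded element only when the connection's peer address is on an allowlist of front-end proxies, and to validate the host value before it is used in reply URLs. The names `reply_base_url`, `fwd_param`, `key_is`, `peer_is_trusted` and `trusted_proxies`, the addresses and the default scheme are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist of reverse-proxy peer addresses (constructed values). */
static const char *trusted_proxies[] = { "127.0.0.1", "::1", NULL };
#define HOSTCHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-:[]"

static int peer_is_trusted(const char *peer) {
    for (int i = 0; trusted_proxies[i]; i++)
        if (strcmp(peer, trusted_proxies[i]) == 0) return 1;
    return 0;
}
/* True if s starts with "key=" (parameter names are case-insensitive). */
static int key_is(const char *s, const char *key, size_t n) {
    while (n && tolower((unsigned char)*s) == *key) { s++; key++; n--; }
    return n == 0 && *s == '=';
}

/* Copy parameter `key` from the LAST Forwarded element (the hop nearest to us)
 * into out. Simplification: assumes no ',' or ';' inside quoted values. */
static int fwd_param(const char *fwd, const char *key, char *out, size_t outlen) {
    const char *p = strrchr(fwd, ',');
    size_t klen = strlen(key);
    for (p = p ? p + 1 : fwd; *p; p += strcspn(p, ";")) {
        p += strspn(p, " \t;");
        if (!key_is(p, key, klen)) continue;
        const char *v = p + klen + 1;
        size_t vlen = strcspn(v, ";");
        if (vlen >= 2 && v[0] == '"' && v[vlen - 1] == '"') { v++; vlen -= 2; }
        if (vlen == 0 || vlen >= outlen) return 0;
        memcpy(out, v, vlen); out[vlen] = '\0';
        return 1;
    }
    return 0;
}

/* Base URL for links in replies; Forwarded is honoured only from a trusted peer. */
const char *reply_base_url(const char *peer, const char *host_hdr, const char *fwd) {
    static char url[300];
    char h[256], p[8];
    const char *host = host_hdr, *proto = "http"; /* assumed plain-HTTP backend */
    if (fwd && peer_is_trusted(peer)) {
        if (fwd_param(fwd, "host", h, sizeof h) && h[strspn(h, HOSTCHARS)] == '\0')
            host = h;   /* only hostname characters reach the reply URL */
        if (fwd_param(fwd, "proto", p, sizeof p) && strcmp(p, "https") == 0)
            proto = "https";
    }
    snprintf(url, sizeof url, "%s://%s", proto, host);
    return url;
}
```

A Forwarded header arriving from any peer outside the allowlist is ignored, so a direct client cannot change the URLs in replies; a host value containing characters outside `HOSTCHARS` falls back to the request's own Host header.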

