diff --git a/jetty-proxy/src/main/java/org/eclipse/jetty/proxy/ConnectHandler.java b/jetty-proxy/src/main/java/org/eclipse/jetty/proxy/ConnectHandler.java
index 0fe85f9b28a..c186d63849a 100644
--- a/jetty-proxy/src/main/java/org/eclipse/jetty/proxy/ConnectHandler.java
+++ b/jetty-proxy/src/main/java/org/eclipse/jetty/proxy/ConnectHandler.java
@@ -28,6 +28,7 @@ import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.Executor;
+
 import javax.servlet.AsyncContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -44,6 +45,7 @@ import org.eclipse.jetty.io.SelectChannelEndPoint;
 import org.eclipse.jetty.io.SelectorManager;
 import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.HttpConnection;
+import org.eclipse.jetty.server.HttpTransport;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.handler.HandlerWrapper;
 import org.eclipse.jetty.util.BufferUtil;
@@ -210,14 +212,14 @@ public class ConnectHandler extends HandlerWrapper
      * <p>CONNECT requests may have authentication headers such as {@code Proxy-Authorization}
      * that authenticate the client with the proxy.</p>
      *
-     * @param jettyRequest  Jetty-specific http request
+     * @param baseRequest  Jetty-specific http request
      * @param request       the http request
      * @param response      the http response
      * @param serverAddress the remote server address in the form {@code host:port}
      */
-    protected void handleConnect(Request jettyRequest, HttpServletRequest request, HttpServletResponse response, String serverAddress)
+    protected void handleConnect(Request baseRequest, HttpServletRequest request, HttpServletResponse response, String serverAddress)
     {
-        jettyRequest.setHandled(true);
+        baseRequest.setHandled(true);
         try
         {
             boolean proceed = handleAuthentication(request, response, serverAddress);
@@ -256,8 +258,18 @@ public class ConnectHandler extends HandlerWrapper
 
             if (LOG.isDebugEnabled())
                 LOG.debug("Connecting to {}", address);
-
-            ConnectContext connectContext = new ConnectContext(request, response, asyncContext, HttpConnection.getCurrentConnection());
+            
+            HttpTransport transport = baseRequest.getHttpChannel().getHttpTransport();
+            
+            if (!(transport instanceof HttpConnection))
+            {
+                if (LOG.isDebugEnabled())
+                    LOG.debug("CONNECT forbidden for {}", transport);
+                sendConnectResponse(request, response, HttpServletResponse.SC_FORBIDDEN);
+                return;
+            }
+            
+            ConnectContext connectContext = new ConnectContext(request, response, asyncContext, (HttpConnection)transport);
             if (channel.connect(address))
                 selector.accept(channel, connectContext);
             else
diff --git a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ProxyTunnellingTest.java b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ProxyTunnellingTest.java
index c12b9f266f3..c98d7bc2292 100644
--- a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ProxyTunnellingTest.java
+++ b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ProxyTunnellingTest.java
@@ -347,9 +347,9 @@ public class ProxyTunnellingTest
         startProxy(new ConnectHandler()
         {
             @Override
-            protected void handleConnect(Request jettyRequest, HttpServletRequest request, HttpServletResponse response, String serverAddress)
+            protected void handleConnect(Request baseRequest, HttpServletRequest request, HttpServletResponse response, String serverAddress)
             {
-                HttpConnection.getCurrentConnection().close();
+                ((HttpConnection)baseRequest.getHttpChannel().getHttpTransport()).close();
             }
         });
 
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java
index ec564a05969..dc673738c28 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/SecuredRedirectHandler.java
@@ -42,14 +42,14 @@ public class SecuredRedirectHandler extends AbstractHandler
     @Override
     public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
     {
-        HttpConnection connection = HttpConnection.getCurrentConnection();
-        if (baseRequest.isSecure() || (connection == null))
+        HttpChannel<?> channel = baseRequest.getHttpChannel();
+        if (baseRequest.isSecure() || (channel == null))
         {
             // nothing to do
             return;
         }
 
-        HttpConfiguration httpConfig = connection.getHttpConfiguration();
+        HttpConfiguration httpConfig = channel.getHttpConfiguration();
         if (httpConfig == null)
         {
             // no config, show error