Mercurial > hg > nginx
comparison src/http/ngx_http_parse.c @ 7877:63c66b7cc07c
Added CONNECT method rejection.
No valid CONNECT requests are expected to appear within nginx, since it
is not a forward proxy. Further, request line parsing will reject
proper CONNECT requests anyway, since we don't allow authority-form of
request-target. On the other hand, RFC 7230 specifies separate message
length rules for CONNECT which we don't support, so make sure to always
reject CONNECTs to avoid potential abuse.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 28 Jun 2021 18:01:04 +0300 |
| parents | 8989fbd2f89a |
| children | 52338ddf9e2f |
comparison
equal
deleted
inserted
replaced
| 7876:b290610bf812 | 7877:63c66b7cc07c |
|---|---|
| 244 if (ngx_str7_cmp(m, 'O', 'P', 'T', 'I', 'O', 'N', 'S', ' ')) | 244 if (ngx_str7_cmp(m, 'O', 'P', 'T', 'I', 'O', 'N', 'S', ' ')) |
| 245 { | 245 { |
| 246 r->method = NGX_HTTP_OPTIONS; | 246 r->method = NGX_HTTP_OPTIONS; |
| 247 } | 247 } |
| 248 | 248 |
| 249 if (ngx_str7_cmp(m, 'C', 'O', 'N', 'N', 'E', 'C', 'T', ' ')) | |
| 250 { | |
| 251 r->method = NGX_HTTP_CONNECT; | |
| 252 } | |
| 253 | |
| 249 break; | 254 break; |
| 250 | 255 |
| 251 case 8: | 256 case 8: |
| 252 if (ngx_str8cmp(m, 'P', 'R', 'O', 'P', 'F', 'I', 'N', 'D')) | 257 if (ngx_str8cmp(m, 'P', 'R', 'O', 'P', 'F', 'I', 'N', 'D')) |
| 253 { | 258 { |