comparison src/http/ngx_http_parse.c @ 7877:63c66b7cc07c
Added CONNECT method rejection.
No valid CONNECT requests are expected to appear within nginx, since it
is not a forward proxy. Further, request line parsing will reject
proper CONNECT requests anyway, since we don't allow authority-form of
request-target. On the other hand, RFC 7230 specifies separate message
length rules for CONNECT which we don't support, so make sure to always
reject CONNECTs to avoid potential abuse.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 28 Jun 2021 18:01:04 +0300 |
parents | 8989fbd2f89a |
children | 52338ddf9e2f |
7876:b290610bf812 | 7877:63c66b7cc07c |
---|---|
244 if (ngx_str7_cmp(m, 'O', 'P', 'T', 'I', 'O', 'N', 'S', ' ')) | 244 if (ngx_str7_cmp(m, 'O', 'P', 'T', 'I', 'O', 'N', 'S', ' ')) |
245 { | 245 { |
246 r->method = NGX_HTTP_OPTIONS; | 246 r->method = NGX_HTTP_OPTIONS; |
247 } | 247 } |
248 | 248 |
249 if (ngx_str7_cmp(m, 'C', 'O', 'N', 'N', 'E', 'C', 'T', ' ')) | |
250 { | |
251 r->method = NGX_HTTP_CONNECT; | |
252 } | |
253 | |
249 break; | 254 break; |
250 | 255 |
251 case 8: | 256 case 8: |
252 if (ngx_str8cmp(m, 'P', 'R', 'O', 'P', 'F', 'I', 'N', 'D')) | 257 if (ngx_str8cmp(m, 'P', 'R', 'O', 'P', 'F', 'I', 'N', 'D')) |
253 { | 258 { |
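Review bot: The block added at new lines 249-253 only classifies the request (`r->method = NGX_HTTP_CONNECT;`); nothing in this hunk rejects it, so the "always reject" guarantee in the commit message depends entirely on a check that lives outside the lines shown here. Please add a short comment at this spot saying that CONNECT is recognized only so that it can be refused later, and confirm that the refusing check is reached on every path that can set r->method, not only the path through this parser. It is also worth checking that NGX_HTTP_CONNECT is defined as a distinct bit alongside the other method constants, since existing method-mask comparisons would otherwise treat it as one of the already-allowed methods.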