Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7877:63c66b7cc07c
Added CONNECT method rejection.
No valid CONNECT requests are expected to appear within nginx, since it
is not a forward proxy. Further, request line parsing will reject
proper CONNECT requests anyway, since we don't allow authority-form of
request-target. On the other hand, RFC 7230 specifies separate message
length rules for CONNECT which we don't support, so make sure to always
reject CONNECTs to avoid potential abuse.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 28 Jun 2021 18:01:04 +0300 |
| parents | fdc3d40979b0 |
| children | 41f4bd4c51f1 |
comparison
equal
deleted
inserted
replaced
| 7876:b290610bf812 | 7877:63c66b7cc07c |
|---|---|
| 3604 { 4, "MOVE", NGX_HTTP_MOVE }, | 3604 { 4, "MOVE", NGX_HTTP_MOVE }, |
| 3605 { 9, "PROPPATCH", NGX_HTTP_PROPPATCH }, | 3605 { 9, "PROPPATCH", NGX_HTTP_PROPPATCH }, |
| 3606 { 4, "LOCK", NGX_HTTP_LOCK }, | 3606 { 4, "LOCK", NGX_HTTP_LOCK }, |
| 3607 { 6, "UNLOCK", NGX_HTTP_UNLOCK }, | 3607 { 6, "UNLOCK", NGX_HTTP_UNLOCK }, |
| 3608 { 5, "PATCH", NGX_HTTP_PATCH }, | 3608 { 5, "PATCH", NGX_HTTP_PATCH }, |
| 3609 { 5, "TRACE", NGX_HTTP_TRACE } | 3609 { 5, "TRACE", NGX_HTTP_TRACE }, |
| 3610 { 7, "CONNECT", NGX_HTTP_CONNECT } | |
| 3610 }, *test; | 3611 }, *test; |
| 3611 | 3612 |
| 3612 if (r->method_name.len) { | 3613 if (r->method_name.len) { |
| 3613 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 3614 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |
| 3614 "client sent duplicate :method header"); | 3615 "client sent duplicate :method header"); |