git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: d9c1d1b) | patch

author	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 28 Jun 2021 15:01:04 +0000 (18:01 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 28 Jun 2021 15:01:04 +0000 (18:01 +0300)
commit	5f85bb3714a81d158f4d849ad5c61aec2737a9f0
tree	432fbcb511cea5b4f1583e365883af738f8c92d4	tree \| snapshot
parent	d9c1d1bae7ae2c83fb65ca00a47ad6c1199a691e	commit \| diff

Added CONNECT method rejection.

No valid CONNECT requests are expected to appear within nginx, since it
is not a forward proxy. Further, request line parsing will reject
proper CONNECT requests anyway, since we don't allow authority-form of
request-target. On the other hand, RFC 7230 specifies separate message
length rules for CONNECT which we don't support, so make sure to always
reject CONNECTs to avoid potential abuse.

src/http/ngx_http_parse.c		diff \| blob \| history
src/http/ngx_http_request.c		diff \| blob \| history
src/http/ngx_http_request.h		diff \| blob \| history
src/http/v2/ngx_http_v2.c		diff \| blob \| history

nginx upstream