Re: [PATCH] BUG/MINOR: reject malformed HTTP/0.9 requests
Hi Apollon,

On Sun, Apr 06, 2014 at 02:46:00AM +0300, Apollon Oikonomopoulos wrote:
> RFC 1945 (§4.1) defines an HTTP/0.9 request ("Simple-Request") as:
>
>   Simple-Request = "GET" SP Request-URI CRLF
>
> HAProxy tries to automatically upgrade HTTP/0.9 requests to
> HTTP/1.0, by appending "HTTP/1.0" to the request and setting the
> Request-URI to "/" if it was not present. The latter however is
> RFC-incompatible, as HTTP/0.9 requests must already have a Request-URI
> according to the definition above. Additionally,
> http_upgrade_v09_to_v10() does not check whether the request method is
> indeed GET (the mandatory method for HTTP/0.9).
>
> As a result, any single- or double-word request line is regarded as a
> valid HTTP request. We fix this by failing in http_upgrade_v09_to_v10()
> if the request method is not GET or the request URI is not present.

In fact I intentionally made this choice because Apache does the same and wanted to ensure the least possible breakage by inserting haproxy in front of it (you can't imagine how users are picky when something does not work anymore after they install your product).

But I agree that the URI is mandatory according to the RFC, and even according to Tim BL's original WWWDaemon (which used to only process GET requests containing a URI).

These days we don't need to prove that we don't break anything, so I think it's fine to change this behaviour.

So I have merged your patch into 1.5. I don't intend to backport it into 1.4-stable however.

Thanks!
Willy
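The strict reading of Simple-Request discussed in this message, as an added example that is not HAProxy's code and not part of the original mail: a stand-alone check that rejects single-word lines, non-GET methods and missing URIs before appending the version. The names upgrade_simple_request() and upgraded() are hypothetical, the sample lines are constructed, and the parser assumes single-space separators.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not HAProxy code: upgrade_simple_request() is a
 * hypothetical helper. It rewrites an RFC 1945 Simple-Request
 * ("GET" SP Request-URI CRLF) into its HTTP/1.0 form in out[].
 * Returns 1 on success, 0 if the line must be rejected. A line that
 * already has a third word (a version) is copied through unchanged. */
int upgrade_simple_request(const char *line, char *out, size_t outsz)
{
    size_t len = strlen(line), meth_len, uri_len;
    const char *sp1, *uri;
    int n;

    if (len < 2 || memcmp(line + len - 2, "\r\n", 2) != 0)
        return 0;                       /* request line must end in CRLF */
    len -= 2;

    sp1 = memchr(line, ' ', len);
    meth_len = sp1 ? (size_t)(sp1 - line) : len;
    uri = sp1 ? sp1 + 1 : line + len;
    uri_len = len - (size_t)(uri - line);

    if (memchr(uri, ' ', uri_len))      /* version present: not HTTP/0.9 */
        n = snprintf(out, outsz, "%s", line);
    else if (meth_len != 3 || memcmp(line, "GET", 3) != 0)
        return 0;                       /* HTTP/0.9 allows only GET */
    else if (uri_len == 0)
        return 0;                       /* Request-URI is mandatory */
    else
        n = snprintf(out, outsz, "%.*s HTTP/1.0\r\n", (int)len, line);
    return n > 0 && (size_t)n < outsz;
}

/* Convenience wrapper: upgraded line in a static buffer, or NULL. */
const char *upgraded(const char *line)
{
    static char buf[256];
    return upgrade_simple_request(line, buf, sizeof(buf)) ? buf : NULL;
}

int main(void)
{
    /* constructed sample request lines */
    const char *samples[] = { "GET /index.html\r\n", "GET\r\n", "GET \r\n",
                              "FOO /\r\n", "hello\r\n", "GET / HTTP/1.1\r\n" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++)
        printf("%-22.*s -> %s\n", (int)strlen(samples[i]) - 2, samples[i],
               upgraded(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```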
[PATCH] BUG/MINOR: reject malformed HTTP/0.9 requests
RFC 1945 (§4.1) defines an HTTP/0.9 request ("Simple-Request") as: Simple-Request = "GET" SP Request-URI CRLF HAProxy tries to automatically upgrade HTTP/0.9 requests to to HTTP/1.0, by appending "HTTP/1.0" to the request and setting the Request-URI to "/" if it was not present. The latter however is RFC-incompatible, as HTTP/0.9 requests must already have a Request-URI according to the definition above. Additionally, http_upgrade_v09_to_v10() does not check whether the request method is indeed GET (the mandatory method for HTTP/0.9). As a result, any single- or double-word request line is regarded as a valid HTTP request. We fix this by failing in http_upgrade_v09_to_v10() if the request method is not GET or the request URI is not present. --- src/proto_http.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index df33991..c23fa54 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -1777,14 +1777,16 @@ static int http_upgrade_v09_to_v10(struct http_txn *txn) if (msg->sl.rq.v_l != 0) return 1; + /* RFC 1945 allows only GET for HTTP/0.9 requests */ + if (txn->meth != HTTP_METH_GET) + return 0; + cur_end = msg->chn->buf->p + msg->sl.rq.l; delta = 0; if (msg->sl.rq.u_l == 0) { - /* if no URI was set, add "/" */ - delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " /", 2); - cur_end += delta; - http_msg_move_end(msg, delta); + /* HTTP/0.9 requests *must* have a request URI, per RFC 1945 */ + return 0; } /* add HTTP version */ delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " HTTP/1.0\r\n", 11); -- 1.9.1
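Review bot: in the `msg->sl.rq.u_l == 0` branch, the new early `return 0` sits after `cur_end` has been computed and `delta = 0;` has been stored, and with the " /" insertion gone that store is dead, since `delta` is next written by the `buffer_replace2()` call that appends " HTTP/1.0\r\n". Consider testing for the missing URI right next to the `txn->meth != HTTP_METH_GET` check, before any buffer pointer is derived, and dropping `delta = 0;`, so that both rejections happen before the buffer is touched. The function now returns 0 for request lines it used to rewrite (no URI, or a method other than GET), so the comment above http_upgrade_v09_to_v10() should state which request lines are rejected; that comment is outside the visible context, so please check that its description of the return value still holds.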
RE: Compile ZLIB in OpenBSD 5.4
> You should use bsd make with Makefile.bsd provided in HAProxy source
> archive or git.

Problem is bsd and osx Makefiles don't support USE flags, so they can't be used to enable zlib, ssl, etc.

If using GNU make is not an option, add -lz to ADDLIB in Makefile.bsd (72nd line):

    ADDLIB = -lz

and then compile with the USE flag (so that you work around the #ifdefs):

    make -f Makefile.bsd USE_ZLIB=1

That should make it work.

Regards,
Lukas
Re: Compile ZLIB in OpenBSD 5.4
What is the option to enable zlib in Makefile.bsd?

On 05/04/2014 09:26, "Baptiste" wrote:
> You should use bsd make with Makefile.bsd provided in HAProxy source
> archive or git.
>
> Baptiste
>
> On Sat, Apr 5, 2014 at 1:43 AM, William Lallemand wrote:
> > On Fri, 4 Apr 2014 18:36:10 -0300
> > Jorge Severino wrote:
> >
> >> root@haproxy01 $ make TARGET=openbsd CPU=native USE_ZLIB=1
> >> ZLIB_INC=/usr/include ZLIB_LIB=/usr/lib
> >> *** Parse error in /tmp/haproxy-1.5-dev22: Missing dependency operator
> >> (Makefile:202)
> >> *** Parse error: Need an operator in 'else' (Makefile:206)
> >> *** Parse error: Missing dependency operator (Makefile:207)
> >> *** Parse error: Need an operator in 'else' (Makefile:213)
> >> [...]
> >
> > You should install and use GNU Make, not the BSD one.
> >
> > --
> > William Lallemand
Re: Compile ZLIB in OpenBSD 5.4
You should use bsd make with Makefile.bsd provided in HAProxy source archive or git.

Baptiste

On Sat, Apr 5, 2014 at 1:43 AM, William Lallemand wrote:
> On Fri, 4 Apr 2014 18:36:10 -0300
> Jorge Severino wrote:
>
>> root@haproxy01 $ make TARGET=openbsd CPU=native USE_ZLIB=1
>> ZLIB_INC=/usr/include ZLIB_LIB=/usr/lib
>> *** Parse error in /tmp/haproxy-1.5-dev22: Missing dependency operator
>> (Makefile:202)
>> *** Parse error: Need an operator in 'else' (Makefile:206)
>> *** Parse error: Missing dependency operator (Makefile:207)
>> *** Parse error: Need an operator in 'else' (Makefile:213)
>> [...]
>
> You should install and use GNU Make, not the BSD one.
>
> --
> William Lallemand