On Mon, Apr 01, 2019 at 02:30:22AM +0200, Florian Obser wrote:
> OK?
>
> diff --git server_http.c server_http.c
> index 6c8549d2b41..f04a15bd056 100644
> --- server_http.c
> +++ server_http.c
> @@ -1176,7 +1176,7 @@ server_response(struct httpd *httpd, struct client *clt)
> struct http_descriptor *resp = clt->clt_descresp;
> struct server *srv = clt->clt_srv;
> struct server_config *srv_conf = &srv->srv_conf;
> - struct kv *kv, key, *host;
> + struct kv *kv, key, *host, *ua;
> struct str_find sm;
> int portval = -1, ret;
> char *hostval, *query;
> @@ -1194,6 +1194,15 @@ server_response(struct httpd *httpd, struct client
> *clt)
> if ((desc->http_path = strdup(path)) == NULL)
> goto fail;
>
> + key.kv_key = "user-agent";
I think this should be "User-Agent" to match the other cases in
the file.
With that change, ok brynet@
> + if ((ua = kv_find(&desc->http_headers, &key)) != NULL &&
> + ua->kv_value != NULL) {
> + if (strstr(ua->kv_value, "curl") != NULL) {
> + server_abort_http(clt, 403, "forbidden");
> + return (-1);
> + }
> + }
> +
> key.kv_key = "Host";
> if ((host = kv_find(&desc->http_headers, &key)) != NULL &&
> host->kv_value == NULL)
>
> --
> I'm not entirely sure you are real.
>
>
