lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[mod_extforward] save proto per connection

Browse Source 
Even though request headers are per-request, update the proto on the
connection level for trusted (proxy) clients.  Note: the proxy must use
each connection only for a single connection from a single client
(typically true in practice), and not for multiple clients.

proto was previously saved on connection level for mod_extforward with
HAProxy PROXY protocol, but did not occur with X-Forwarded-Proto or the
Forwarded request header with proto=...

Before this change, modules which returned HANDLER_COMEBACK could lose
HTTPS=on if the resulting request was for a backend such as mod_fastcgi.
This was reported in mod_rewrite, but could also affect mod_magnet if
MAGNET_RESTART_REQUEST, or mod_cgi with cgi.local-redir = "enable"

x-ref:
  "FastCGI behavior different when using rewrite?"
  https://redmine.lighttpd.net/boards/2/topics/9293
master
Glenn Strauss 2 years ago
parent b600b75f20
commit 0c7d250034
1 changed files with 3 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      src/mod_extforward.c

6
src/mod_extforward.c
Unescape View File

@ -606,9 +606,11 @@ static void mod_extforward_set_proto(request_st * const r, const char * const pr
http_header_env_set(r, CONST_STR_LEN("_L_EXTFORWARD_ACTUAL_PROTO"), CONST_BUF_LEN(&r->uri.scheme));
}
if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("https"))) {
r->con->proto_default_port = 443; /* "https" */
buffer_copy_string_len(&r->uri.scheme, CONST_STR_LEN("https"));
config_cond_cache_reset_item(r, COMP_HTTP_SCHEME);
} else if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("http"))) {
r->con->proto_default_port = 80; /* "http" */
buffer_copy_string_len(&r->uri.scheme, CONST_STR_LEN("http"));
config_cond_cache_reset_item(r, COMP_HTTP_SCHEME);
}
@ -942,11 +944,9 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
buffer_copy_string_len(r->http_host, s+v, vlen-v);
}
int scheme_port =
buffer_eq_slen(&r->uri.scheme,CONST_STR_LEN("https")) ? 443 : 80;
if (0 != http_request_host_policy(r->http_host,
r->conf.http_parseopts,
scheme_port)) {
r->con->proto_default_port)) {
/*(reject invalid chars in Host)*/
log_error(r->conf.errh, __FILE__, __LINE__,
"invalid host= value in Forwarded header");

Write Preview
Loading…
Cancel
Save