[mod_extforward] save proto per connection
Even though request headers are per-request, update the proto on the connection level for trusted (proxy) clients. Note: the proxy must use each connection only for a single connection from a single client (typically true in practice), and not for multiple clients.

proto was previously saved on connection level for mod_extforward with HAProxy PROXY protocol, but this did not occur with X-Forwarded-Proto or the Forwarded request header with proto=...

Before this change, modules which returned HANDLER_COMEBACK could lose HTTPS=on if the resulting request was for a backend such as mod_fastcgi. This was reported in mod_rewrite, but could also affect mod_magnet if MAGNET_RESTART_REQUEST, or mod_cgi with cgi.local-redir = "enable".

x-ref: "FastCGI behavior different when using rewrite?" https://redmine.lighttpd.net/boards/2/topics/9293
parent
b600b75f20
commit
0c7d250034
|
@ -606,9 +606,11 @@ static void mod_extforward_set_proto(request_st * const r, const char * const pr
|
|||
http_header_env_set(r, CONST_STR_LEN("_L_EXTFORWARD_ACTUAL_PROTO"), CONST_BUF_LEN(&r->uri.scheme));
|
||||
}
|
||||
if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("https"))) {
|
||||
r->con->proto_default_port = 443; /* "https" */
|
||||
buffer_copy_string_len(&r->uri.scheme, CONST_STR_LEN("https"));
|
||||
config_cond_cache_reset_item(r, COMP_HTTP_SCHEME);
|
||||
} else if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("http"))) {
|
||||
r->con->proto_default_port = 80; /* "http" */
|
||||
buffer_copy_string_len(&r->uri.scheme, CONST_STR_LEN("http"));
|
||||
config_cond_cache_reset_item(r, COMP_HTTP_SCHEME);
|
||||
}
|
||||
|
@ -942,11 +944,9 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
|
|||
buffer_copy_string_len(r->http_host, s+v, vlen-v);
|
||||
}
|
||||
|
||||
int scheme_port =
|
||||
buffer_eq_slen(&r->uri.scheme,CONST_STR_LEN("https")) ? 443 : 80;
|
||||
if (0 != http_request_host_policy(r->http_host,
|
||||
r->conf.http_parseopts,
|
||||
scheme_port)) {
|
||||
r->con->proto_default_port)) {
|
||||
/*(reject invalid chars in Host)*/
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
"invalid host= value in Forwarded header");
|
||||
|
|
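Review bot: The host check in mod_extforward_Forwarded now passes `r->con->proto_default_port` to `http_request_host_policy()`, but mod_extforward_set_proto writes that field only in the `https` and `http` branches. For any other proto value, or for a later request on the same connection that carries no proto, the port used to validate `host=` is whatever an earlier request left on the connection rather than one derived from the current `r->uri.scheme`. The `_L_EXTFORWARD_ACTUAL_PROTO` save suggests the per-request scheme is restored elsewhere; if that path does not also reset the connection-level port, the two values can disagree, though the restore code is outside these hunks and should be checked. At minimum I would document the lifetime at both assignments, e.g. `/* con-level: outlives this request; keep in step with r->uri.scheme */`. Both functions start and end outside the lines shown.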