haproxy

Commit Graph

Author	SHA1	Message	Date
Christopher Faulet	8fe3a33328	REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages Depending on the timing, time to time, the log messages can be mixed. A client can start and be fully handled by HAProxy (including its log message) before the log message of the previous client was emitted or received. To fix the issue, a barrier was added to be sure to eval the "expect" rule on logs before starting the next client.	2023-06-20 12:49:39 +02:00
Christopher Faulet	1c52121e6d	REG-TESTS: http: Add more tests about authority/host matching More tests were added to h1_host_normalization.vtc to be sure we are RF3986 compliant. Among other things, some tests with empty ports were added.	2022-11-22 17:49:10 +01:00
Christopher Faulet	3f5fbe9407	BUG/MEDIUM: h1: Improve authority validation for CONNCET request From time to time, users complain to get 400-Bad-request responses for totally valid CONNECT requests. After analysis, it is due to the H1 parser performs an exact match between the authority and the host header value. For non-CONNECT requests, it is valid. But for CONNECT requests the authority must contain a port while it is often omitted from the host header value (for default ports). So, to be sure to not reject valid CONNECT requests, a basic authority validation is now performed during the message parsing. In addition, the host header value is normalized. It means the default port is removed if possible. This patch should solve the issue #1761. It must be backported to 2.6 and probably as far as 2.4.	2022-07-07 09:35:58 +02:00

Author

SHA1

Message

Date

Christopher Faulet

8fe3a33328

REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages

Depending on the timing, time to time, the log messages can be mixed. A
client can start and be fully handled by HAProxy (including its log message)
before the log message of the previous client was emitted or received.  To
fix the issue, a barrier was added to be sure to eval the "expect" rule on
logs before starting the next client.

2023-06-20 12:49:39 +02:00

Christopher Faulet

1c52121e6d

REG-TESTS: http: Add more tests about authority/host matching

More tests were added to h1_host_normalization.vtc to be sure we are RF3986
compliant. Among other things, some tests with empty ports were added.

2022-11-22 17:49:10 +01:00

Christopher Faulet

3f5fbe9407

BUG/MEDIUM: h1: Improve authority validation for CONNCET request

From time to time, users complain to get 400-Bad-request responses for
totally valid CONNECT requests. After analysis, it is due to the H1 parser
performs an exact match between the authority and the host header value. For
non-CONNECT requests, it is valid. But for CONNECT requests the authority
must contain a port while it is often omitted from the host header value
(for default ports).

So, to be sure to not reject valid CONNECT requests, a basic authority
validation is now performed during the message parsing. In addition, the
host header value is normalized. It means the default port is removed if
possible.

This patch should solve the issue #1761. It must be backported to 2.6 and
probably as far as 2.4.

2022-07-07 09:35:58 +02:00

3 Commits