mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-24 05:32:21 +00:00
haproxy public development tree
18c13d3bd8
The "http-restrict-req-hdr-names" option can now be set to restrict allowed characters in the request header names to the "[a-zA-Z0-9-]" charset. Idea of this option is to not send header names with non-alphanumeric or hyphen character. It is especially important for FastCGI application because all those characters are converted to underscore. For instance, "X-Forwarded-For" and "X_Forwarded_For" are both converted to "HTTP_X_FORWARDED_FOR". So, header names can be mixed up by FastCGI applications. And some HAProxy rules may be bypassed by mangling header names. In addition, some non-HTTP compliant servers may incorrectly handle requests when header names contain characters ouside the "[a-zA-Z0-9-]" charset. When this option is set, the policy must be specify: * preserve: It disables the filtering. It is the default mode for HTTP proxies with no FastCGI application configured. * delete: It removes request headers with a name containing a character outside the "[a-zA-Z0-9-]" charset. It is the default mode for HTTP backends with a configured FastCGI application. * reject: It rejects the request with a 403-Forbidden response if it contains a header name with a character outside the "[a-zA-Z0-9-]" charset. The option is evaluated per-proxy and after http-request rules evaluation. This patch may be backported to avoid any secuirty issue with FastCGI application (so as far as 2.2). |
||
---|---|---|
.github | ||
addons | ||
admin | ||
dev | ||
doc | ||
examples | ||
include | ||
reg-tests | ||
scripts | ||
src | ||
tests | ||
.cirrus.yml | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.travis.yml | ||
BRANCHES | ||
CHANGELOG | ||
CONTRIBUTING | ||
INSTALL | ||
LICENSE | ||
MAINTAINERS | ||
Makefile | ||
README | ||
ROADMAP | ||
SUBVERS | ||
VERDATE | ||
VERSION |
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)