author | William A. Rowe Jr <wrowe@apache.org> | 2016-11-03 17:57:50 +0000 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2016-11-03 17:57:50 +0000 |
commit | 57f0ebaf434679a8be3c74e5ece10cdb8b5e7ef9 (patch) | |
tree | 4b03b601ba6e657c2f6c20ca516f3f753b016518 | |
parent | 6b41f2be121b09ccaaefec9e385f5744ded7853f (diff) | |
download | httpd-57f0ebaf434679a8be3c74e5ece10cdb8b5e7ef9.tar.gz |
New directive HttpProtocol which allows to disable HTTP/0.9 support
with min=0.9|1.0 syntax.
A tighter restriction of the version in the request line is still
possible with <If "%{SERVER_PROTOCOL_NUM} ..."> .
Submitted by: sf
Backports: r1406719, r1407643, r1425366
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict@1767941 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | include/ap_mmn.h | 3 | ||||
-rw-r--r-- | include/http_core.h | 8 | ||||
-rw-r--r-- | server/core.c | 24 | ||||
-rw-r--r-- | server/protocol.c | 16 |
5 files changed, 50 insertions, 4 deletions
@@ -2,6 +2,9 @@ Changes with Apache 2.4.24
+ *) core: New directive HttpProtocol which allows to disable HTTP/0.9
+ support. [Stefan Fritsch]
+
 *) mod_http2: unannounced and multiple interim responses (status code < 200) are parsed and forwarded to client until a final response arrives. [Stefan Eissing]
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index a4feabc144..1cd06ff4f1 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -487,6 +487,7 @@
 * 20120211.65 (2.4.24-dev) Add ap_check_pipeline().
 * 20120211.66 (2.4.24-dev) Rename ap_proxy_check_backend() to
 * ap_proxy_check_connection().
+ * 20120211.67 (2.5.0-dev) Add http09_enable to core_server_config
 */
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -494,7 +495,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20120211
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 66 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 67 /* 0...n */
 /**
 * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/http_core.h b/include/http_core.h
index 2590b22d36..cbd924060a 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -723,10 +723,14 @@ typedef struct {
 #define AP_MERGE_TRAILERS_DISABLE 2
 int merge_trailers;
-
-
 apr_array_header_t *protocols;
 int protocols_honor_order;
+
+#define AP_HTTP09_UNSET 0
+#define AP_HTTP09_ENABLE 1
+#define AP_HTTP09_DISABLE 2
+ char http09_enable;
+
 } core_server_config;
 /* for AddOutputFiltersByType in core.c */
diff --git a/server/core.c b/server/core.c
index 2c64fdc4d2..4cb03ff854 100644
--- a/server/core.c
+++ b/server/core.c
@@ -519,6 +519,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
 if (virt->trace_enable != AP_TRACE_UNSET)
 conf->trace_enable = virt->trace_enable;
+ if (virt->http09_enable != AP_HTTP09_UNSET)
+ conf->http09_enable = virt->http09_enable;
+
 /* no action for virt->accf_map, not allowed per-vhost */
 if (virt->protocol)
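Review bot: In include/http_core.h the new `http09_enable` field and the `AP_HTTP09_*` values carry no comment, and the effective default cannot be read from the header. server/protocol.c rejects only when the value equals `AP_HTTP09_DISABLE`, so `AP_HTTP09_UNSET` behaves like enabled; I would add `/* HttpProtocol min=: UNSET is treated as ENABLE, i.e. HTTP/0.9 is accepted */` above the defines. The field is declared `char` while the neighbouring `merge_trailers` and `protocols_honor_order` are `int`; `int http09_enable;` would match them unless the narrower type is deliberate. The struct begins outside the hunk.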
@@ -3895,6 +3898,25 @@ static const char *set_protocols_honor_order(cmd_parms *cmd, void *dummy,
 return NULL;
 }
+static const char *set_http_protocol(cmd_parms *cmd, void *dummy,
+ const char *arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (strncmp(arg, "min=", 4) == 0) {
+ arg += 4;
+ if (strcmp(arg, "0.9") == 0)
+ conf->http09_enable = AP_HTTP09_ENABLE;
+ else if (strcmp(arg, "1.0") == 0)
+ conf->http09_enable = AP_HTTP09_DISABLE;
+ else
+ return "HttpProtocol min must be one of '0.9' and '1.0'";
+ return NULL;
+ }
+ return "HttpProtocol must be min=0.9|1.0";
+}
+
 static apr_hash_t *errorlog_hash;
 static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4419,6 +4441,8 @@ AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF,
 AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF,
 "'off' (default) or 'on' to respect given order of protocols, "
 "by default the client specified order determines selection"),
+AP_INIT_TAKE1("HttpProtocol", set_http_protocol, NULL, RSRC_CONF,
+ "'min=0.9' (default) or 'min=1.0' to allow/deny HTTP/0.9"),
 { NULL }
 };
diff --git a/server/protocol.c b/server/protocol.c
index 88d0f99251..558d70f32b 100644
--- a/server/protocol.c
+++ b/server/protocol.c
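Review bot: `set_http_protocol` in server/core.c has no header comment, so the accepted syntax is only discoverable from its two error strings. A short comment above the function would help, for example `/* HttpProtocol min=0.9|1.0: records whether HTTP/0.9 request lines are accepted for this server */`. The inner `if`/`else if`/`else` chain is unbraced, which makes the `return NULL;` that follows easy to misread as part of the `else` arm; bracing each arm removes that ambiguity. The diffstat lists no file under docs/, so the directive registered in the later `AP_INIT_TAKE1` hunk appears to ship without a manual entry in this commit.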
@@ -648,9 +648,22 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 pro = ll;
 len = strlen(ll);
 } else {
+ core_server_config *conf;
+ conf = ap_get_core_module_config(r->server->module_config);
 r->assbackwards = 1;
 pro = "HTTP/0.9";
 len = 8;
+ if (conf->http09_enable == AP_HTTP09_DISABLE) {
+ r->status = HTTP_VERSION_NOT_SUPPORTED;
+ r->protocol = apr_pstrmemdup(r->pool, pro, len);
+ /* If we deny 0.9, send error message with 1.x */
+ r->assbackwards = 0;
+ r->proto_num = HTTP_VERSION(0, 9);
+ r->connection->keepalive = AP_CONN_CLOSE;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02401)
+ "HTTP/0.9 denied by server configuration");
+ return 0;
+ }
 }
 r->protocol = apr_pstrmemdup(r->pool, pro, len);
@@ -972,7 +985,8 @@ request_rec *ap_read_request(conn_rec *conn)
 /* Get the request... */
 if (!read_request_line(r, tmp_bb)) {
 if (r->status == HTTP_REQUEST_URI_TOO_LARGE
- || r->status == HTTP_BAD_REQUEST) {
+ || r->status == HTTP_BAD_REQUEST
+ || r->status == HTTP_VERSION_NOT_SUPPORTED) {
 if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00565)
 "request failed: client's request-line exceeds LimitRequestLine (longer than %d)", |
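Review bot: The new check in the `else` branch of `read_request_line` takes its setting from `r->server`, but no request header has been read at this point, so `r->server` is presumably still the connection's base server rather than a name-based virtual host. If that holds, `HttpProtocol min=1.0` placed only inside a name-based vhost would not take effect, even though the merge added in server/core.c suggests per-vhost use is intended. This should be confirmed and stated, for example with `/* evaluated before vhost selection: uses the base server's HttpProtocol setting */` above the `conf = ...` line. The function body continues outside the hunk.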
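Review bot: Requests rejected with `HTTP_VERSION_NOT_SUPPORTED` now enter this branch of `ap_read_request`, but the only message visible for them is the `APLOG_DEBUG` line added in `read_request_line`, whereas the neighbouring `HTTP_REQUEST_URI_TOO_LARGE` case logs at `APLOG_INFO`. An operator who turns HTTP/0.9 off will usually want rejected requests recorded at the same level as the other request-line rejections; consider `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02401)` for that message. The remainder of the branch lies outside the hunk, so any further logging for this status cannot be seen here.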