nghttpx: Don't rewrite host header field by default

In reverse proxy usage, backend server most likely wants to see the
original header field.  So this commit turns off host header rewrite
by default.  --no-host-rewrite option is deprecated, and if it is
used, warning message is displayed.  --host-rewrite option is added to
enable host rewrite.
This commit is contained in:
Tatsuhiro Tsujikawa 2015-07-23 23:54:56 +09:00
parent 04bd25d468
commit cab6c7871c
4 changed files with 22 additions and 4 deletions

View File

@ -92,6 +92,7 @@ OPTIONS = [
"max-header-fields",
"include",
"tls-ticket-cipher",
"host-rewrite",
"conf",
]

View File

@ -995,7 +995,7 @@ void fill_default_config() {
mod_config()->tls_proto_mask = 0;
mod_config()->no_location_rewrite = false;
mod_config()->no_host_rewrite = false;
mod_config()->no_host_rewrite = true;
mod_config()->argc = 0;
mod_config()->argv = nullptr;
mod_config()->downstream_connections_per_host = 8;
@ -1498,8 +1498,8 @@ HTTP:
--client and default mode. For --http2-proxy and
--client-proxy mode, location header field will not be
altered regardless of this option.
--no-host-rewrite
Don't rewrite host and :authority header fields on
--host-rewrite
Rewrite host and :authority header fields on
--http2-bridge, --client and default mode. For
--http2-proxy and --client-proxy mode, these headers
will not be altered regardless of this option.
@ -1718,6 +1718,7 @@ int main(int argc, char **argv) {
{SHRPX_OPT_ADD_REQUEST_HEADER, required_argument, &flag, 82},
{SHRPX_OPT_INCLUDE, required_argument, &flag, 83},
{SHRPX_OPT_TLS_TICKET_CIPHER, required_argument, &flag, 84},
{SHRPX_OPT_HOST_REWRITE, no_argument, &flag, 85},
{nullptr, 0, nullptr, 0}};
int option_index = 0;
@ -2088,6 +2089,10 @@ int main(int argc, char **argv) {
// --tls-ticket-cipher
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_CIPHER, optarg);
break;
case 85:
// --host-rewrite
cmdcfgs.emplace_back(SHRPX_OPT_HOST_REWRITE, "yes");
break;
default:
break;
}

View File

@ -674,6 +674,7 @@ enum {
SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
SHRPX_OPTID_HEADER_FIELD_BUFFER,
SHRPX_OPTID_HOST_REWRITE,
SHRPX_OPTID_HTTP2_BRIDGE,
SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
@ -881,6 +882,9 @@ int option_lookup_token(const char *name, size_t namelen) {
}
break;
case 'e':
if (util::strieq_l("host-rewrit", name, 11)) {
return SHRPX_OPTID_HOST_REWRITE;
}
if (util::strieq_l("http2-bridg", name, 11)) {
return SHRPX_OPTID_HTTP2_BRIDGE;
}
@ -1736,7 +1740,10 @@ int parse_config(const char *opt, const char *optarg,
return 0;
case SHRPX_OPTID_NO_HOST_REWRITE:
mod_config()->no_host_rewrite = util::strieq(optarg, "yes");
LOG(WARN) << SHRPX_OPT_NO_HOST_REWRITE
<< ": deprecated. :authority and host header fields are NOT "
"altered by default. To rewrite these headers, use "
"--host-rewrite option.";
return 0;
case SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST: {
@ -1853,6 +1860,10 @@ int parse_config(const char *opt, const char *optarg,
}
mod_config()->tls_ticket_cipher_given = true;
return 0;
case SHRPX_OPTID_HOST_REWRITE:
mod_config()->no_host_rewrite = !util::strieq(optarg, "yes");
return 0;
case SHRPX_OPTID_CONF:
LOG(WARN) << "conf: ignored";

View File

@ -172,6 +172,7 @@ constexpr char SHRPX_OPT_HEADER_FIELD_BUFFER[] = "header-field-buffer";
constexpr char SHRPX_OPT_MAX_HEADER_FIELDS[] = "max-header-fields";
constexpr char SHRPX_OPT_INCLUDE[] = "include";
constexpr char SHRPX_OPT_TLS_TICKET_CIPHER[] = "tls-ticket-cipher";
constexpr char SHRPX_OPT_HOST_REWRITE[] = "host-rewrite";
union sockaddr_union {
sockaddr_storage storage;