From cab6c7871cbc73be7f31710e3537e812eab1a902 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Thu, 23 Jul 2015 23:54:56 +0900
Subject: [PATCH] nghttpx: Don't rewrite host header field by default
In reverse proxy usage, backend server most likely wants to see the original header field. So this commit turns off host header rewrite by default. --no-host-rewrite option is deprecated, and if it is used, warning message is displayed. --host-rewrite option is added to enable host rewrite.
---
 gennghttpxfun.py | 1 +
 src/shrpx.cc | 11 ++++++++---
 src/shrpx_config.cc | 13 ++++++++++++-
 src/shrpx_config.h | 1 +
 4 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/gennghttpxfun.py b/gennghttpxfun.py
index 9bf1c012..2c04e7d5 100755
--- a/gennghttpxfun.py
+++ b/gennghttpxfun.py
@@ -92,6 +92,7 @@ OPTIONS = [
 "max-header-fields",
 "include",
 "tls-ticket-cipher",
+ "host-rewrite",
 "conf",
 ]
diff --git a/src/shrpx.cc b/src/shrpx.cc
index aa97762e..4c59167f 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -995,7 +995,7 @@ void fill_default_config() {
 mod_config()->tls_proto_mask = 0;
 mod_config()->no_location_rewrite = false;
- mod_config()->no_host_rewrite = false;
+ mod_config()->no_host_rewrite = true;
 mod_config()->argc = 0;
 mod_config()->argv = nullptr;
 mod_config()->downstream_connections_per_host = 8;
@@ -1498,8 +1498,8 @@ HTTP:
 --client and default mode. For --http2-proxy and --client-proxy mode, location header field will not be altered regardless of this option.
- --no-host-rewrite
- Don't rewrite host and :authority header fields on
+ --host-rewrite
+ Rewrite host and :authority header fields on
 --http2-bridge, --client and default mode. For --http2-proxy and --client-proxy mode, these headers will not be altered regardless of this option.
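Review bot: The new default `mod_config()->no_host_rewrite = true;` in fill_default_config() means that, as far as the commit message and these hunks show, the client-supplied host and :authority values reach the backend as received in default, --http2-bridge and --client modes. The reworded --host-rewrite help text in the following hunk does not state that default or what it implies. A backend that derives virtual-host routing, absolute URLs or cache keys from the host field would then be working from a client-controlled value, so the usage text should tell operators to validate it on the backend or to pass --host-rewrite. I would add a help line under the option such as `By default these header fields are forwarded to the backend unchanged.` Both fill_default_config() and the usage string start and end outside their hunks.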
@@ -1718,6 +1718,7 @@ int main(int argc, char **argv) {
 {SHRPX_OPT_ADD_REQUEST_HEADER, required_argument, &flag, 82},
 {SHRPX_OPT_INCLUDE, required_argument, &flag, 83},
 {SHRPX_OPT_TLS_TICKET_CIPHER, required_argument, &flag, 84},
+ {SHRPX_OPT_HOST_REWRITE, no_argument, &flag, 85},
 {nullptr, 0, nullptr, 0}};
 int option_index = 0;
@@ -2088,6 +2089,10 @@ int main(int argc, char **argv) {
 // --tls-ticket-cipher
 cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_CIPHER, optarg);
 break;
+ case 85:
+ // --host-rewrite
+ cmdcfgs.emplace_back(SHRPX_OPT_HOST_REWRITE, "yes");
+ break;
 default:
 break;
 }
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 3fae2d29..8029d0bb 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -674,6 +674,7 @@ enum {
 SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
 SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
 SHRPX_OPTID_HEADER_FIELD_BUFFER,
+ SHRPX_OPTID_HOST_REWRITE,
 SHRPX_OPTID_HTTP2_BRIDGE,
 SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
 SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
@@ -881,6 +882,9 @@ int option_lookup_token(const char *name, size_t namelen) {
 }
 break;
 case 'e':
+ if (util::strieq_l("host-rewrit", name, 11)) {
+ return SHRPX_OPTID_HOST_REWRITE;
+ }
 if (util::strieq_l("http2-bridg", name, 11)) {
 return SHRPX_OPTID_HTTP2_BRIDGE;
 }
@@ -1736,7 +1740,10 @@ int parse_config(const char *opt, const char *optarg,
 return 0;
 case SHRPX_OPTID_NO_HOST_REWRITE:
- mod_config()->no_host_rewrite = util::strieq(optarg, "yes");
+ LOG(WARN) << SHRPX_OPT_NO_HOST_REWRITE
+ << ": deprecated. :authority and host header fields are NOT "
+ "altered by default. To rewrite these headers, use "
+ "--host-rewrite option.";
 return 0;
 case SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST: {
@@ -1853,6 +1860,10 @@ int parse_config(const char *opt, const char *optarg,
 }
 mod_config()->tls_ticket_cipher_given = true;
+ return 0;
+ case SHRPX_OPTID_HOST_REWRITE:
+ mod_config()->no_host_rewrite = !util::strieq(optarg, "yes");
+ return 0;
 case SHRPX_OPTID_CONF:
 LOG(WARN) << "conf: ignored";
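Review bot: In the SHRPX_OPTID_NO_HOST_REWRITE case of parse_config(), optarg is no longer read, so a configuration that sets no-host-rewrite to `no` in order to keep rewriting now ends up with rewriting off. The deprecation warning gives no indication that the explicit value was discarded. Because the default flips in the same commit, that changes what the backend receives for such a deployment. Either keep honouring the explicit value with `if (util::strieq(optarg, "no")) mod_config()->no_host_rewrite = false;` after the warning, or have the warning say that the given value is ignored. parse_config() begins and ends outside the hunk.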
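Review bot: `mod_config()->no_host_rewrite = !util::strieq(optarg, "yes");` in the SHRPX_OPTID_HOST_REWRITE case stores a positive option in a negated field, and any value other than `yes` (a typo, or `true` in a configuration file) quietly leaves rewriting off. A one-line comment would spare the next reader the double negation, for example `// host-rewrite=yes turns rewriting on; any other value leaves the client's host and :authority untouched`. Renaming the field to host_rewrite would be cleaner still, though the struct definition is not part of this patch. The case label sits inside parse_config(), which extends beyond the hunk.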
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 267decf9..749c7399 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -172,6 +172,7 @@ constexpr char SHRPX_OPT_HEADER_FIELD_BUFFER[] = "header-field-buffer";
 constexpr char SHRPX_OPT_MAX_HEADER_FIELDS[] = "max-header-fields";
 constexpr char SHRPX_OPT_INCLUDE[] = "include";
 constexpr char SHRPX_OPT_TLS_TICKET_CIPHER[] = "tls-ticket-cipher";
+constexpr char SHRPX_OPT_HOST_REWRITE[] = "host-rewrite";
 union sockaddr_union {
 sockaddr_storage storage;