nghttpx: Don't rewrite host header field by default
In reverse proxy usage, backend server most likely wants to see the original header field. So this commit turns off host header rewrite by default. --no-host-rewrite option is deprecated, and if it is used, warning message is displayed. --host-rewrite option is added to enable host rewrite.
This commit is contained in:
parent
04bd25d468
commit
cab6c7871c
|
@ -92,6 +92,7 @@ OPTIONS = [
|
||||||
"max-header-fields",
|
"max-header-fields",
|
||||||
"include",
|
"include",
|
||||||
"tls-ticket-cipher",
|
"tls-ticket-cipher",
|
||||||
|
"host-rewrite",
|
||||||
"conf",
|
"conf",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
11
src/shrpx.cc
11
src/shrpx.cc
|
@ -995,7 +995,7 @@ void fill_default_config() {
|
||||||
|
|
||||||
mod_config()->tls_proto_mask = 0;
|
mod_config()->tls_proto_mask = 0;
|
||||||
mod_config()->no_location_rewrite = false;
|
mod_config()->no_location_rewrite = false;
|
||||||
mod_config()->no_host_rewrite = false;
|
mod_config()->no_host_rewrite = true;
|
||||||
mod_config()->argc = 0;
|
mod_config()->argc = 0;
|
||||||
mod_config()->argv = nullptr;
|
mod_config()->argv = nullptr;
|
||||||
mod_config()->downstream_connections_per_host = 8;
|
mod_config()->downstream_connections_per_host = 8;
|
||||||
|
@ -1498,8 +1498,8 @@ HTTP:
|
||||||
--client and default mode. For --http2-proxy and
|
--client and default mode. For --http2-proxy and
|
||||||
--client-proxy mode, location header field will not be
|
--client-proxy mode, location header field will not be
|
||||||
altered regardless of this option.
|
altered regardless of this option.
|
||||||
--no-host-rewrite
|
--host-rewrite
|
||||||
Don't rewrite host and :authority header fields on
|
Rewrite host and :authority header fields on
|
||||||
--http2-bridge, --client and default mode. For
|
--http2-bridge, --client and default mode. For
|
||||||
--http2-proxy and --client-proxy mode, these headers
|
--http2-proxy and --client-proxy mode, these headers
|
||||||
will not be altered regardless of this option.
|
will not be altered regardless of this option.
|
||||||
|
@ -1718,6 +1718,7 @@ int main(int argc, char **argv) {
|
||||||
{SHRPX_OPT_ADD_REQUEST_HEADER, required_argument, &flag, 82},
|
{SHRPX_OPT_ADD_REQUEST_HEADER, required_argument, &flag, 82},
|
||||||
{SHRPX_OPT_INCLUDE, required_argument, &flag, 83},
|
{SHRPX_OPT_INCLUDE, required_argument, &flag, 83},
|
||||||
{SHRPX_OPT_TLS_TICKET_CIPHER, required_argument, &flag, 84},
|
{SHRPX_OPT_TLS_TICKET_CIPHER, required_argument, &flag, 84},
|
||||||
|
{SHRPX_OPT_HOST_REWRITE, no_argument, &flag, 85},
|
||||||
{nullptr, 0, nullptr, 0}};
|
{nullptr, 0, nullptr, 0}};
|
||||||
|
|
||||||
int option_index = 0;
|
int option_index = 0;
|
||||||
|
@ -2088,6 +2089,10 @@ int main(int argc, char **argv) {
|
||||||
// --tls-ticket-cipher
|
// --tls-ticket-cipher
|
||||||
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_CIPHER, optarg);
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_CIPHER, optarg);
|
||||||
break;
|
break;
|
||||||
|
case 85:
|
||||||
|
// --host-rewrite
|
||||||
|
cmdcfgs.emplace_back(SHRPX_OPT_HOST_REWRITE, "yes");
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
@ -674,6 +674,7 @@ enum {
|
||||||
SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
|
SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
|
||||||
SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
|
SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
|
||||||
SHRPX_OPTID_HEADER_FIELD_BUFFER,
|
SHRPX_OPTID_HEADER_FIELD_BUFFER,
|
||||||
|
SHRPX_OPTID_HOST_REWRITE,
|
||||||
SHRPX_OPTID_HTTP2_BRIDGE,
|
SHRPX_OPTID_HTTP2_BRIDGE,
|
||||||
SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
|
SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
|
||||||
SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
|
SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
|
||||||
|
@ -881,6 +882,9 @@ int option_lookup_token(const char *name, size_t namelen) {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'e':
|
case 'e':
|
||||||
|
if (util::strieq_l("host-rewrit", name, 11)) {
|
||||||
|
return SHRPX_OPTID_HOST_REWRITE;
|
||||||
|
}
|
||||||
if (util::strieq_l("http2-bridg", name, 11)) {
|
if (util::strieq_l("http2-bridg", name, 11)) {
|
||||||
return SHRPX_OPTID_HTTP2_BRIDGE;
|
return SHRPX_OPTID_HTTP2_BRIDGE;
|
||||||
}
|
}
|
||||||
|
@ -1736,7 +1740,10 @@ int parse_config(const char *opt, const char *optarg,
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
case SHRPX_OPTID_NO_HOST_REWRITE:
|
case SHRPX_OPTID_NO_HOST_REWRITE:
|
||||||
mod_config()->no_host_rewrite = util::strieq(optarg, "yes");
|
LOG(WARN) << SHRPX_OPT_NO_HOST_REWRITE
|
||||||
|
<< ": deprecated. :authority and host header fields are NOT "
|
||||||
|
"altered by default. To rewrite these headers, use "
|
||||||
|
"--host-rewrite option.";
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
case SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST: {
|
case SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST: {
|
||||||
|
@ -1853,6 +1860,10 @@ int parse_config(const char *opt, const char *optarg,
|
||||||
}
|
}
|
||||||
mod_config()->tls_ticket_cipher_given = true;
|
mod_config()->tls_ticket_cipher_given = true;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
case SHRPX_OPTID_HOST_REWRITE:
|
||||||
|
mod_config()->no_host_rewrite = !util::strieq(optarg, "yes");
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
case SHRPX_OPTID_CONF:
|
case SHRPX_OPTID_CONF:
|
||||||
LOG(WARN) << "conf: ignored";
|
LOG(WARN) << "conf: ignored";
|
||||||
|
|
|
@ -172,6 +172,7 @@ constexpr char SHRPX_OPT_HEADER_FIELD_BUFFER[] = "header-field-buffer";
|
||||||
constexpr char SHRPX_OPT_MAX_HEADER_FIELDS[] = "max-header-fields";
|
constexpr char SHRPX_OPT_MAX_HEADER_FIELDS[] = "max-header-fields";
|
||||||
constexpr char SHRPX_OPT_INCLUDE[] = "include";
|
constexpr char SHRPX_OPT_INCLUDE[] = "include";
|
||||||
constexpr char SHRPX_OPT_TLS_TICKET_CIPHER[] = "tls-ticket-cipher";
|
constexpr char SHRPX_OPT_TLS_TICKET_CIPHER[] = "tls-ticket-cipher";
|
||||||
|
constexpr char SHRPX_OPT_HOST_REWRITE[] = "host-rewrite";
|
||||||
|
|
||||||
union sockaddr_union {
|
union sockaddr_union {
|
||||||
sockaddr_storage storage;
|
sockaddr_storage storage;
|
||||||
|
|
Loading…
Reference in New Issue