nghttpx: Don't rewrite host header field by default

In reverse proxy usage, backend server most likely wants to see the
original header field.  So this commit turns off host header rewrite
by default.  --no-host-rewrite option is deprecated, and if it is
used, warning message is displayed.  --host-rewrite option is added to
enable host rewrite.

gennghttpxfun.py

@@ -92,6 +92,7 @@ OPTIONS = [
     "max-header-fields",
     "include",
     "tls-ticket-cipher",
+    "host-rewrite",
     "conf",
 ]
 

src/shrpx.cc

@@ -995,7 +995,7 @@ void fill_default_config() {
 
   mod_config()->tls_proto_mask = 0;
   mod_config()->no_location_rewrite = false;
-  mod_config()->no_host_rewrite = false;
+  mod_config()->no_host_rewrite = true;
   mod_config()->argc = 0;
   mod_config()->argv = nullptr;
   mod_config()->downstream_connections_per_host = 8;
@@ -1498,8 +1498,8 @@ HTTP:
               --client  and  default   mode.   For  --http2-proxy  and
               --client-proxy mode,  location header field will  not be
               altered regardless of this option.
-  --no-host-rewrite
+  --host-rewrite
-              Don't  rewrite  host  and :authority  header  fields  on
+              Rewrite   host   and   :authority   header   fields   on
               --http2-bridge,   --client   and  default   mode.    For
               --http2-proxy  and  --client-proxy mode,  these  headers
               will not be altered regardless of this option.
@@ -1718,6 +1718,7 @@ int main(int argc, char **argv) {
         {SHRPX_OPT_ADD_REQUEST_HEADER, required_argument, &flag, 82},
         {SHRPX_OPT_INCLUDE, required_argument, &flag, 83},
         {SHRPX_OPT_TLS_TICKET_CIPHER, required_argument, &flag, 84},
+        {SHRPX_OPT_HOST_REWRITE, no_argument, &flag, 85},
         {nullptr, 0, nullptr, 0}};
 
     int option_index = 0;
@@ -2088,6 +2089,10 @@ int main(int argc, char **argv) {
         // --tls-ticket-cipher
         cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_CIPHER, optarg);
         break;
+      case 85:
+        // --host-rewrite
+        cmdcfgs.emplace_back(SHRPX_OPT_HOST_REWRITE, "yes");
+        break;
       default:
         break;
       }

src/shrpx_config.cc

@@ -674,6 +674,7 @@ enum {
   SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
   SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
   SHRPX_OPTID_HEADER_FIELD_BUFFER,
+  SHRPX_OPTID_HOST_REWRITE,
   SHRPX_OPTID_HTTP2_BRIDGE,
   SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
   SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
@@ -881,6 +882,9 @@ int option_lookup_token(const char *name, size_t namelen) {
       }
       break;
     case 'e':
+      if (util::strieq_l("host-rewrit", name, 11)) {
+        return SHRPX_OPTID_HOST_REWRITE;
+      }
       if (util::strieq_l("http2-bridg", name, 11)) {
         return SHRPX_OPTID_HTTP2_BRIDGE;
       }
@@ -1736,7 +1740,10 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_NO_HOST_REWRITE:
-    mod_config()->no_host_rewrite = util::strieq(optarg, "yes");
+    LOG(WARN) << SHRPX_OPT_NO_HOST_REWRITE
+              << ": deprecated.  :authority and host header fields are NOT "
+                 "altered by default.  To rewrite these headers, use "
+                 "--host-rewrite option.";
 
     return 0;
   case SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST: {
@@ -1853,6 +1860,10 @@ int parse_config(const char *opt, const char *optarg,
     }
     mod_config()->tls_ticket_cipher_given = true;
 
+    return 0;
+  case SHRPX_OPTID_HOST_REWRITE:
+    mod_config()->no_host_rewrite = !util::strieq(optarg, "yes");
+
     return 0;
   case SHRPX_OPTID_CONF:
     LOG(WARN) << "conf: ignored";

src/shrpx_config.h

@@ -172,6 +172,7 @@ constexpr char SHRPX_OPT_HEADER_FIELD_BUFFER[] = "header-field-buffer";
 constexpr char SHRPX_OPT_MAX_HEADER_FIELDS[] = "max-header-fields";
 constexpr char SHRPX_OPT_INCLUDE[] = "include";
 constexpr char SHRPX_OPT_TLS_TICKET_CIPHER[] = "tls-ticket-cipher";
+constexpr char SHRPX_OPT_HOST_REWRITE[] = "host-rewrite";
 
 union sockaddr_union {
   sockaddr_storage storage;