From f9c60d5e9dd0e956e841bea2ef802da083c44d73 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 9 Jun 2015 22:08:49 +0900 Subject: [PATCH] nghttpx: Return 501 if invalid method is received on h1 frontend --- integration-tests/nghttpx_http1_test.go | 21 +++++++++++++++++++++ src/shrpx_https_upstream.cc | 4 +++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/integration-tests/nghttpx_http1_test.go b/integration-tests/nghttpx_http1_test.go index 6d5c28ad..1fc8e25c 100644 --- a/integration-tests/nghttpx_http1_test.go +++ b/integration-tests/nghttpx_http1_test.go @@ -52,6 +52,27 @@ func TestH1H1PlainGETClose(t *testing.T) { } } +// TestH1H1InvalidMethod tests that server rejects invalid method with +// 501 status code +func TestH1H1InvalidMethod(t *testing.T) { + st := newServerTester(nil, t, func(w http.ResponseWriter, r *http.Request) { + t.Errorf("server should not forward this request") + }) + defer st.Close() + + res, err := st.http1(requestParam{ + name: "TestH1H1InvalidMethod", + method: "get", + }) + if err != nil { + t.Fatalf("Error st.http1() = %v", err) + } + + if got, want := res.status, 501; got != want { + t.Errorf("status = %v; want %v", got, want) + } +} + // TestH1H1MultipleRequestCL tests that server rejects request which // contains multiple Content-Length header fields. func TestH1H1MultipleRequestCL(t *testing.T) { diff --git a/src/shrpx_https_upstream.cc b/src/shrpx_https_upstream.cc index e27a4879..6f0cc33c 100644 --- a/src/shrpx_https_upstream.cc +++ b/src/shrpx_https_upstream.cc @@ -460,7 +460,9 @@ int HttpsUpstream::on_read() { unsigned int status_code; - if (downstream) { + if (htperr == HPE_INVALID_METHOD) { + status_code = 501; + } else if (downstream) { if (downstream->get_request_state() == Downstream::CONNECT_FAIL) { status_code = 503; } else if (downstream->get_request_state() ==