[Varnish] #1009: Varnish allows invalid headers
Varnish
varnish-bugs at varnish-cache.org
Tue Sep 6 09:53:22 CEST 2011
#1009: Varnish allows invalid headers
-------------------------+--------------------------------------------------
Reporter: scoof | Type: defect
Status: closed | Priority: low
Milestone: | Component: varnishd
Version: trunk | Severity: normal
Resolution: worksforme | Keywords:
-------------------------+--------------------------------------------------
Changes (by phk):
* status: new => closed
* resolution: => worksforme
Comment:
The reason why we do not do this, is that Varnish does not text-process
all headers, only the ones it needs to use.
RFC2616 says
{{{
10.4.1 400 Bad Request
The request could not be understood by the server due to malformed
syntax. The client SHOULD NOT repeat the request without
modifications.
}}}
If an HTTP request contains a dskfjsldkfslkfjsdl line, Varnish is still
perfectly able to understand it, it just ignores that line.
If you want to have Varnish be anal retentive about HTTP request, the way
to do it, is to write a VMOD::strict.
The bug in this case is in varnishncsa (as per ticket #1006).
--
Ticket URL: <http://www.varnish-cache.org/trac/ticket/1009#comment:1>
Varnish <http://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list