[Varnish] #1604: Reject request lines that don't conform to the Request-URI definition in HTTP/1.1
Varnish
varnish-bugs at varnish-cache.org
Thu Oct 9 12:47:37 CEST 2014
--------------------------+----------------------
 Reporter:  mattrobenolt  |       Type:  defect
   Status:  new           |   Priority:  normal
Milestone:                |  Component:  varnishd
  Version:  trunk         |   Severity:  normal
 Keywords:  http          |
--------------------------+----------------------
Right now, Varnish just happily accepts a request like:
{{{
GET Foo HTTP/1.1
}}}
Which is not a valid `Request-URI` as defined by RFC2616 section 5.1.2 as:
{{{
Request-URI = "*" | absoluteURI | abs_path | authority
}}}
And in this case, `abs_path` is defined as
{{{
abs_path = "/" path_segments
}}}
The `absoluteURI` case is already being handled, but we are failing to
handle `*` or `abs_path` according to RFC2396.
This also covers the case of `authority` since an `authority` must be
prefixed with a `//`.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1604>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
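
A sketch of the check this ticket asks for, added here as an example (it is not Varnish's code and not part of the ticket): split the request line and accept the Request-URI only if it is `*`, begins with `/`, or is an absoluteURI. The function and enum names are hypothetical, and the absoluteURI branch assumes only hierarchical `scheme://` URIs need to pass; characters after the first are not validated.

```c
#include <ctype.h>
#include <string.h>

enum uri_form { URI_INVALID, URI_ASTERISK, URI_ABS_PATH, URI_ABSOLUTE };

/* Classify a Request-URI of length len (hypothetical helper, not Varnish code). */
static enum uri_form
classify_request_uri(const char *u, size_t len)
{
	size_t i;

	if (len == 0)
		return (URI_INVALID);
	if (len == 1 && u[0] == '*')
		return (URI_ASTERISK);
	if (u[0] == '/')		/* abs_path = "/" path_segments */
		return (URI_ABS_PATH);
	/* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) per RFC 2396 */
	if (!isalpha((unsigned char)u[0]))
		return (URI_INVALID);
	for (i = 1; i < len && (isalnum((unsigned char)u[i]) ||
	    u[i] == '+' || u[i] == '-' || u[i] == '.'); i++)
		continue;
	/* Assumption: require "://" plus at least one more byte. */
	if (i + 3 < len && memcmp(u + i, "://", 3) == 0)
		return (URI_ABSOLUTE);
	return (URI_INVALID);	/* e.g. the bare token "Foo" */
}

/* Split "Method SP Request-URI SP HTTP-Version" and classify the middle token. */
static enum uri_form
check_request_line(const char *line)
{
	const char *sp1 = strchr(line, ' ');
	const char *sp2;

	if (sp1 == NULL || sp1 == line)
		return (URI_INVALID);
	sp2 = strchr(sp1 + 1, ' ');
	if (sp2 == NULL || strncmp(sp2 + 1, "HTTP/", 5) != 0)
		return (URI_INVALID);
	return (classify_request_uri(sp1 + 1, (size_t)(sp2 - sp1 - 1)));
}
```

A caller would answer `URI_INVALID` with a 400 response instead of passing the request on to a backend.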