[master] ff86ca7 For HTTP/1.1 requests, Host is mandatory
Federico G. Schwindt
fgsch at lodoss.net
Thu May 17 08:09:13 UTC 2018
commit ff86ca7e1eb8bee3c34c7cf5be5e352780add1d3
Author: Federico G. Schwindt <fgsch at lodoss.net>
Date: Tue May 1 15:51:28 2018 +0100
For HTTP/1.1 requests, Host is mandatory
The check is added to the builtin logic for now.
Fixes #2631.
diff --git a/bin/varnishd/builtin.vcl b/bin/varnishd/builtin.vcl
index 4e74948..a578a9c 100644
--- a/bin/varnishd/builtin.vcl
+++ b/bin/varnishd/builtin.vcl
@@ -36,8 +36,14 @@ vcl 4.0;
sub vcl_recv {
if (req.method == "PRI") {
- /* This will never happen in properly formed traffic (see: RFC7540) */
- return (synth(405));
+ /* This will never happen in properly formed traffic (see: RFC7540) */
+ return (synth(405));
+ }
+ if (!req.http.host &&
+ req.esi_level == 0 &&
+ req.proto ~ "^(?i)HTTP/1.1") {
+ /* In HTTP/1.1, Host is required. */
+ return (synth(400));
}
if (req.method != "GET" &&
req.method != "HEAD" &&
diff --git a/bin/varnishtest/tests/r02633.vtc b/bin/varnishtest/tests/r02633.vtc
new file mode 100644
index 0000000..3d15c3a
--- /dev/null
+++ b/bin/varnishtest/tests/r02633.vtc
@@ -0,0 +1,21 @@
+varnishtest "For HTTP/1.1 requests, Host is mandatory"
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+} -start
+
+client c1 {
+ txreq -proto HTTP/1.1
+ rxresp
+ expect resp.status == 200
+ txreq -proto HTTP/1.1 -nohost
+ rxresp
+ expect resp.status == 400
+ txreq -proto HTTP/1.0 -nohost
+ rxresp
+ expect resp.status == 200
+} -run
More information about the varnish-commit
mailing list