[master] ff86ca7 For HTTP/1.1 requests, Host is mandatory

Federico G. Schwindt fgsch at lodoss.net
Thu May 17 08:09:13 UTC 2018


commit ff86ca7e1eb8bee3c34c7cf5be5e352780add1d3
Author: Federico G. Schwindt <fgsch at lodoss.net>
Date:   Tue May 1 15:51:28 2018 +0100

    For HTTP/1.1 requests, Host is mandatory
    
    The check is added to the builtin logic for now.
    
    Fixes #2631.

diff --git a/bin/varnishd/builtin.vcl b/bin/varnishd/builtin.vcl
index 4e74948..a578a9c 100644
--- a/bin/varnishd/builtin.vcl
+++ b/bin/varnishd/builtin.vcl
@@ -36,8 +36,14 @@ vcl 4.0;
 
 sub vcl_recv {
     if (req.method == "PRI") {
-	/* This will never happen in properly formed traffic (see: RFC7540) */
-	return (synth(405));
+        /* This will never happen in properly formed traffic (see: RFC7540) */
+        return (synth(405));
+    }
+    if (!req.http.host &&
+      req.esi_level == 0 &&
+      req.proto ~ "^(?i)HTTP/1.1") {
+        /* In HTTP/1.1, Host is required. */
+        return (synth(400));
     }
     if (req.method != "GET" &&
       req.method != "HEAD" &&
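Review bot: The pattern in the new Host check, `req.proto ~ "^(?i)HTTP/1.1"`, is anchored only at the start and leaves the dot unescaped, so it would also match a protocol string such as `HTTP/1.10` or `HTTP/1x1`. Whether such values can reach VCL depends on the request parser, which is not visible here, but `req.proto ~ "^(?i)HTTP/1\.1$"` states the intent exactly. Because the check lives in the builtin vcl_recv, a user VCL whose vcl_recv returns before falling through never runs it, so Host-less HTTP/1.1 requests can still reach lookup in those deployments. The commit message's "for now" hints at this, and a comment beside the check such as `/* Only enforced when user VCL falls through to the builtin. */` would make it visible to operators. vcl_recv continues past the end of this hunk.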
diff --git a/bin/varnishtest/tests/r02633.vtc b/bin/varnishtest/tests/r02633.vtc
new file mode 100644
index 0000000..3d15c3a
--- /dev/null
+++ b/bin/varnishtest/tests/r02633.vtc
@@ -0,0 +1,21 @@
+varnishtest "For HTTP/1.1 requests, Host is mandatory"
+
+server s1 {
+	rxreq
+	txresp
+} -start
+
+varnish v1 -vcl+backend {
+} -start
+
+client c1 {
+	txreq -proto HTTP/1.1
+	rxresp
+	expect resp.status == 200
+	txreq -proto HTTP/1.1 -nohost
+	rxresp
+	expect resp.status == 400
+	txreq -proto HTTP/1.0 -nohost
+	rxresp
+	expect resp.status == 200
+} -run
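Review bot: The test never exercises two of the three conditions in the new check, `req.esi_level == 0` and the case-insensitive `(?i)` match on `req.proto`, so a regression in either would pass unnoticed. It covers only the missing-Host case for HTTP/1.1 and HTTP/1.0. Adding a case that drives an ESI sub-request, and one that checks how a differently cased protocol string is handled, would pin the remaining behaviour. The file is named `r02633.vtc` while the commit message says "Fixes #2631", so one of the two numbers looks like a typo and is worth reconciling so the regression test can be found from the issue.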

