
respond with 405 method not supported for CONNECT attempts, exit clea…

…nly (no crash report)
1 parent 6c5617f commit ca9cea9edc875b4174c5866165e2bdb108a3569b @RJ committed Jun 29, 2011
Showing with 24 additions and 3 deletions.
  1. +13 −1 src/mochiweb.erl
  2. +11 −2 src/mochiweb_http.erl
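--- a/src/mochiweb.erl
+++ b/src/mochiweb.erl
@@ -54,14 +54,26 @@ new_request({Socket, {Method, {abs_path, Uri}, Version}, Headers}) ->
 Uri,
 Version,
 mochiweb_headers:make(Headers));
-% this case probably doesn't "exist".
+%% this case probably doesn't "exist".
 new_request({Socket, {Method, {absoluteURI, _Protocol, _Host, _Port, Uri},
 Version}, Headers}) ->
 mochiweb_request:new(Socket,
 Method,
 Uri,
 Version,
 mochiweb_headers:make(Headers));
+
+%% Exposing mochiweb to the internet directly will result in random scans
+%% trying to use the HTTP method "CONNECT" assuming/hoping this is a proxy
+new_request({Socket, {"CONNECT", {scheme, Host, Port}, Version}, Headers}) ->
+ %% Since mochiweb_request needs a URI, we poke the host/port in here.
+ %% Note that CONNECT method doesn't really contain a URI though.
+ Uri = lists:flatten(io_lib:format("/?host=~s&port=~s", [Host, Port])),
+ mochiweb_request:new(Socket,
+ 'CONNECT',
+ Uri,
+ Version,
+ mochiweb_headers:make(Headers));
 %% Request-URI is "*"
 %% From http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
 new_request({Socket, {Method, '*'=Uri, Version}, Headers}) ->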
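Review bot: Host and Port in the added CONNECT clause come straight from the client's request line and are interpolated into the synthetic query string without encoding, so a value containing `&`, `=`, `#` or whitespace gives a URI that parses to different or extra parameters for any code that later reads the request path or query. Building the string with the project's own encoder keeps the two fields intact: `Uri = "/?" ++ mochiweb_util:urlencode([{"host", Host}, {"port", Port}]),`. The `~s` directive can also raise on input that is not plain character data, which would presumably bring back the crash report this commit sets out to avoid, so a comment stating the expected shape of Host and Port would help.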
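--- a/src/mochiweb_http.erl
+++ b/src/mochiweb_http.erl
@@ -158,8 +158,17 @@ headers(Socket, Request, Headers, Body, HeaderCount) ->
 headers_ws_upgrade(Socket, Request, Body, MHeaders);
 false ->
 Req = new_request(Socket, Request, Headers),
- call_body(Body#body.http_loop, Req),
- ?MODULE:after_response(Body, Req)
+ case Req:get(method) of
+ 'CONNECT' ->
+ %% reject CONNECT attempts gracefully
+ %% (tends to happen often with a public IP)
+ Req:respond({405, [], "CONNECT not supported"}),
+ mochiweb_socket:close(Socket),
+ exit(normal);
+ _Meth ->
+ call_body(Body#body.http_loop, Req),
+ ?MODULE:after_response(Body, Req)
+ end
 end;
 {Protocol, _, {http_header, _, Name, _, Value}} when Protocol == http orelse Protocol == ssl ->
 headers(Socket, Request, [{Name, Value} | Headers], Body,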
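Review bot: The 405 in the new `'CONNECT'` branch is sent with an empty header list, but RFC 2616 requires a 405 response to carry an `Allow` header naming the permitted methods. This module cannot know what the application's loop accepts, so `Req:respond({501, [], "CONNECT not supported"})` would describe the situation without that obligation. The rejection is also silent and sits only under `false ->`, so requests that take the `headers_ws_upgrade` branch above are, as far as this hunk shows, not covered by it. A short comment saying whether that is intended, and a low-severity log line or counter for rejected CONNECTs, would keep scan activity visible to operators without producing crash reports. The body of headers/5 starts and ends outside this hunk.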
