A possible protocol-probing vulnerability #28

Closed
bash99 opened this issue Jun 28, 2022 · 1 comment · Fixed by #29

bash99 commented Jun 28, 2022

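Mentioned by Gaukas in enfein/mieru#8 (comment)

Without the trojan-related configuration enabled, it behaves like plain Caddy: a plain HTTP request received on port 443 gets a 400 response.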

root@xxx:~# curl -D - http://xxx.mysite.com:443/
HTTP/1.0 400 Bad Request

Client sent an HTTP request to an HTTPS server.

With the trojan-related configuration enabled, the response is different:

root@xxx:~# curl -D - http://xxx.mysite.com:443/
curl: (52) Empty reply from server

gaukas commented Jun 28, 2022

On a side note, the behavior of returning an HTTP 400 response seems to be an arbitrary choice made by most HTTP server implementations. lighttpd makes a perfect counterexample as it returns an empty response.
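
The comparison reported in this issue, as an added Go example (not code from this thread or from caddy-trojan): it sends a cleartext HTTP request to a TLS port and reports whether the answer is a status line or an empty reply, so a trojan-enabled build can be checked against stock Caddy. The loopback `fakeServer` and the `probe.invalid` host name are constructed stand-ins.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

// probePlainHTTP sends a cleartext HTTP request to addr and returns the status
// line, or "empty" when the peer closes without sending a byte (curl error 52).
func probePlainHTTP(addr string) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, 3*time.Second)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(3 * time.Second))
	// Host is a placeholder; use the server's real name against a live instance.
	fmt.Fprint(conn, "GET / HTTP/1.1\r\nHost: probe.invalid\r\n\r\n")
	line, err := bufio.NewReader(conn).ReadString('\n')
	if line == "" && err == io.EOF {
		return "empty", nil
	}
	return strings.TrimSpace(line), err
}

// fakeServer is a constructed loopback stand-in for the listener on port 443:
// it reads one request, writes reply (possibly nothing) and closes.
func fakeServer(reply string) string {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.Read(make([]byte, 1024)) // the probe's request fits in one read
			io.WriteString(c, reply)
			c.Close()
		}
	}()
	return ln.Addr().String()
}

func main() {
	fmt.Println(probePlainHTTP(fakeServer("HTTP/1.0 400 Bad Request\r\n\r\n")))
	fmt.Println(probePlainHTTP(fakeServer("")))
}
```

Run against a stock Caddy and a trojan-enabled one, the two results should be identical; any difference is the distinguisher this issue describes.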

bash99 added a commit to bash99/caddy-trojan that referenced this issue Jul 5, 2022
@imgk imgk closed this as completed in #29 Jul 6, 2022