
For HTTP/1.1 requests, Host is mandatory

The check is added to the builtin logic for now.

Fixes #2631.
fgsch committed May 1, 2018
1 parent acaa2d4 commit ff86ca7e1eb8bee3c34c7cf5be5e352780add1d3
Showing with 29 additions and 2 deletions.
  1. +8 −2 bin/varnishd/builtin.vcl
  2. +21 −0 bin/varnishtest/tests/r02633.vtc
@@ -36,8 +36,14 @@ vcl 4.0;
sub vcl_recv {
if (req.method == "PRI") {
/* This will never happen in properly formed traffic (see: RFC7540) */
return (synth(405));
/* This will never happen in properly formed traffic (see: RFC7540) */
return (synth(405));
}
if (!req.http.host &&
req.esi_level == 0 &&
req.proto ~ "^(?i)HTTP/1.1") {
/* In HTTP/1.1, Host is required. */
return (synth(400));
}
if (req.method != "GET" &&
req.method != "HEAD" &&
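Review bot: The protocol test `req.proto ~ "^(?i)HTTP/1.1"` is looser than the comment under it implies: the dot is an unescaped wildcard and there is no end anchor, so any protocol string that merely begins with something shaped like HTTP/1x1 would also take this branch, if the request parser lets such a string through. If only HTTP/1.1 is meant, escape and anchor it, `req.proto ~ "^(?i)HTTP/1\.1$"`. The condition also covers only an absent Host; a request carrying more than one Host header, which RFC 7230 section 5.4 likewise requires to be answered with 400, is not handled in the visible lines and may or may not be rejected elsewhere. Because the check sits in the builtin vcl_recv, whose body continues outside this hunk, a site VCL that returns from its own vcl_recv never reaches it, which is worth saying in the comment, for example `/* In HTTP/1.1, Host is required. Skipped if user VCL returns from vcl_recv first. */`.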
@@ -0,0 +1,21 @@
varnishtest "For HTTP/1.1 requests, Host is mandatory"
server s1 {
rxreq
txresp
} -start
varnish v1 -vcl+backend {
} -start
client c1 {
txreq -proto HTTP/1.1
rxresp
expect resp.status == 200
txreq -proto HTTP/1.1 -nohost
rxresp
expect resp.status == 400
txreq -proto HTTP/1.0 -nohost
rxresp
expect resp.status == 200
} -run
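Review bot: Nothing in client c1 exercises the `req.esi_level == 0` exemption that the builtin.vcl change introduces; the three cases cover a present Host, a missing Host on HTTP/1.1 and a missing Host on HTTP/1.0 only. A regression that starts answering 400 to ESI sub-requests, or that stops matching the protocol case-insensitively, would still pass this test, so a case for an ESI include processed without a Host header would pin the intended behaviour. The file is also named r02633.vtc while the commit message says `Fixes #2631`; if regression tests are numbered after the issue they cover, one of the two numbers looks wrong and should be corrected so the test can be traced back to its report.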
