diff options
author | Francis Lavoie <lavofr@gmail.com> | 2021-10-26 16:41:28 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-26 14:41:28 -0600 |
commit | f73f55dba745a8a527202b87fdd3ff88fa9f40b1 (patch) | |
tree | ba55c3aba51d83710b12d2527d71fa1d043b6642 /modules | |
parent | 012d235314fcc2a27302d00ee6f53459e54c0eb8 (diff) |
reverseproxy: Sanitize scheme and host on incoming requests (#4237)
* caddyhttp: Sanitize scheme and host on incoming requests
* reverseproxy: Sanitize the URL scheme and host before proxying
* Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/caddyhttp/reverseproxy/reverseproxy.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index e626962..36dfbfe 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -395,9 +395,23 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // should not permanently change r.Host; issue #3509) reqHost := r.Host reqHeader := r.Header + + // sanitize the request URL; we expect it to not contain the scheme and host + // since those should be determined by r.TLS and r.Host respectively, but + // some clients may include it in the request-line, which is technically + // valid in HTTP, but breaks reverseproxy behaviour, overriding how the + // dialer will behave. See #4237 for context. + origURLScheme := r.URL.Scheme + origURLHost := r.URL.Host + r.URL.Scheme = "" + r.URL.Host = "" + + // restore modifications to the request after we're done proxying defer func() { r.Host = reqHost // TODO: data race, see #4038 r.Header = reqHeader // TODO: data race, see #4038 + r.URL.Scheme = origURLScheme + r.URL.Host = origURLHost }() start := time.Now() |