MEDIUM: proxy: Reject some header names for 'http-send-name-header' directive

From time to time, we saw the 'http-send-name-header' directive used to
overwrite the Host header to workaround limitations of a buggy application.
Most of time, this led to troubles. This was never officially supported and
each time we strongly discouraged anyone to do so. We already thought to
deprecate this directive, but it seems to be still used by few people. So
for now, we decided to strengthen the tests performed on it.

The header name is now checked during the configuration parsing to forbid
some risky names. 'Host', 'Content-Length', 'Transfer-Encoding' and
'Connection' header names are now rejected. But more headers could be added
in future.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 99972f747b20955b7ff4d2ce077e6e908c6f92c1..de3da7a2b8ca8040b900bee89af4146f8a55fd56 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8366,14 +8366,8 @@ http-send-name-header [<header>]
   very late in the connection setup, it may have unexpected effects on already
   modified headers. For example using it with transport-level header such as
   connection, content-length, transfer-encoding and so on will likely result in
-  invalid requests being sent to the server. Additionally it has been reported
-  that this directive is currently being used as a way to overwrite the Host
-  header field in outgoing requests; while this trick has been known to work
-  as a side effect of the feature for some time, it is not officially supported
-  and might possibly not work anymore in a future version depending on the
-  technical difficulties this feature induces. A long-term solution instead
-  consists in fixing the application which required this trick so that it binds
-  to the correct host name.
+  invalid requests being sent to the server. This is why following header names
+  are forbidden: host, content-length, transfer-encoding and connection.
 
   See also : "server"
 

diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 07bb050122770b5821917612ac513577be171663..b0d24be3abd53077d8dbfa9db58c4c2df6a51847 100644 (file)
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -1476,6 +1476,15 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                        err_code |= ERR_ALERT | ERR_FATAL;
                        goto out;
                }
+               if (strcasecmp(args[1], "host") == 0 ||
+                   strcasecmp(args[1], "content-length") == 0 ||
+                   strcasecmp(args[1], "transfer-encoding") == 0 ||
+                   strcasecmp(args[1], "connection") == 0) {
+                       ha_alert("parsing [%s:%d] : '%s' cannot be used as header name for '%s' directive.\n",
+                                file, linenum, args[1], args[0]);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
+               }
 
                /* set the desired header name, in lower case */
                istfree(&curproxy->server_id_hdr_name);