From: Willy Tarreau <w@1wt.eu>
Date: Mon, 7 Oct 2019 12:06:34 +0000 (+0200)
Subject: BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri
X-Git-Tag: v2.1-dev3~138
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=22c6107dba1127a1e6d204dc2a6da63c09f2d934;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri

If a request contains an absolute URI and gets its Host header field
rewritten, or just the request's URI without touching the Host header
field, it can lead to different Host and authority parts. The cache
will always concatenate the Host and the path while a server behind
would instead ignore the Host and use the authority found in the URI,
leading to incorrect content possibly being cached.

Let's simply refrain from caching absolute requests for now, which
also matches what the comment at the top of the function says. Later
we can improve this by having a special handling of the authority.

This should be backported as far as 1.8.
---

diff --git a/src/cache.c b/src/cache.c
index 06924cc6f8..d350872b88 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1082,8 +1082,8 @@ int sha1_hosturi(struct stream *s)
 	chunk_memcat(trash, ctx.value.ptr, ctx.value.len);
 
 	sl = http_get_stline(htx);
-	path = http_get_path(htx_sl_req_uri(sl));
-	if (!path.ptr)
+	path = htx_sl_req_uri(sl); // whole uri
+	if (!path.len || *path.ptr != '/')
 		return 0;
 	chunk_memcat(trash, path.ptr, path.len);