From: Willy Tarreau Date: Fri, 24 Nov 2017 07:17:28 +0000 (+0100) Subject: MEDIUM: h2: don't gracefully close the connection anymore on Connection: close X-Git-Tag: v1.8.0~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a76e4c21839cafd036fbe755416569206502c1d9;p=thirdparty%2Fhaproxy.git MEDIUM: h2: don't gracefully close the connection anymore on Connection: close As reported by Lukas, it causes more harm than good, for example on prompt for authentication. Now we have an "http-request reject" rule to use instead of "http-request deny" if we absolutely want to close the connection. --- diff --git a/src/mux_h2.c b/src/mux_h2.c index 4c580c4a86..13d1bb3164 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -2742,31 +2742,12 @@ static int h2s_frt_make_resp_headers(struct h2s *h2s, struct buffer *buf) /* encode all headers, stop at empty name */ for (hdr = 1; hdr < sizeof(list)/sizeof(list[0]); hdr++) { - /* these ones do not exist in H2 and must be dropped. But if we - * see "connection: close", we also perform a graceful shutdown - * on the connection. Note that the match is not perfect but it - * is sufficient for dealing with some deny rules. - */ - if (isteq(list[hdr].n, ist("connection"))) { - if (!(h2c->flags & (H2_CF_GOAWAY_SENT|H2_CF_GOAWAY_FAILED)) && - word_match(list[hdr].v.ptr, list[hdr].v.len, "close", 5)) { - if (h2c->last_sid < 0) - h2c->last_sid = (1U << 31) - 1; - if (h2c_send_goaway_error(h2c, h2s) <= 0) { - ret = 0; - goto end; - } - /* OK sent, but this changed the output buffer's - * contents hence the write position. - */ - goto try_again; - } - continue; - } - else if (isteq(list[hdr].n, ist("proxy-connection")) || - isteq(list[hdr].n, ist("keep-alive")) || - isteq(list[hdr].n, ist("upgrade")) || - isteq(list[hdr].n, ist("transfer-encoding"))) + /* these ones do not exist in H2 and must be dropped. */ + if (isteq(list[hdr].n, ist("connection")) || + isteq(list[hdr].n, ist("proxy-connection")) || + isteq(list[hdr].n, ist("keep-alive")) || + isteq(list[hdr].n, ist("upgrade")) || + isteq(list[hdr].n, ist("transfer-encoding"))) continue; if (isteq(list[hdr].n, ist("")))