New directive HttpProtocol which allows to disable HTTP/0.9 support.

The syntax is designed to allow addition of a +/- strict option
later on.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1406719 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 8cf7cee214d3c6033e438e0bdaa72d13ba20116e..ddf11732ea94456d5709a4460cf2537b0654ddda 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) core: New directive HttpProtocol which allows to disable HTTP/0.9
+     support. [Stefan Fritsch]
+
   *) mod_allowhandlers: New module to forbid specific handlers for specific
      directories. [Stefan Fritsch]
 

diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 44085c5057ec2cb4b142a5a00ec5b3eae6ec0487..65b7a7f809ae570dfdd3026052d7a6e953a88330 100644 (file)
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-2401
+2402

diff --git a/include/http_core.h b/include/http_core.h
index 3c47989cb43ae971dc3b8baaec91368a5422b3c7..bb1102aa8302bf869f4a757e9cd687eb315ce358 100644 (file)
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -664,6 +664,11 @@ typedef struct {
 #define AP_TRACE_EXTENDED  2
     int trace_enable;
 
+#define AP_HTTP09_UNSET   0
+#define AP_HTTP09_ENABLE  1
+#define AP_HTTP09_DISABLE 2
+    char http09_enable;
+
 } core_server_config;
 
 /* for AddOutputFiltersByType in core.c */

diff --git a/server/core.c b/server/core.c
index bbaadd7d77830049c62180f55c7e49590f414d56..d63b989f17adb990f325d8b4bbd64f84b0e2c76f 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -502,6 +502,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
     if (virt->trace_enable != AP_TRACE_UNSET)
         conf->trace_enable = virt->trace_enable;
 
+    if (virt->http09_enable != AP_HTTP09_UNSET)
+        conf->http09_enable = virt->http09_enable;
+
     /* no action for virt->accf_map, not allowed per-vhost */
 
     if (virt->protocol)
@@ -3611,6 +3614,25 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy,
     return NULL;
 }
 
+static const char *set_http_protocol(cmd_parms *cmd, void *dummy,
+                                     const char *arg1)
+{
+    core_server_config *conf =
+        ap_get_core_module_config(cmd->server->module_config);
+
+    if (strcmp(arg1, "+0.9") == 0) {
+        conf->http09_enable = AP_HTTP09_ENABLE;
+    }
+    else if (strcmp(arg1, "-0.9") == 0) {
+        conf->http09_enable = AP_HTTP09_DISABLE;
+    }
+    else {
+        return "HttpProtocol must be one of '+0.9' and '-0.9'";
+    }
+
+    return NULL;
+}
+
 static apr_hash_t *errorlog_hash;
 
 static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4110,6 +4132,8 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF,
 #endif
 AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
               "'on' (default), 'off' or 'extended' to trace request body content"),
+AP_INIT_TAKE1("HttpProtocol", set_http_protocol, NULL, RSRC_CONF,
+              "'+0.9' (default) or '-0.9' to allow/deny HTTP/0.9"),
 { NULL }
 };
 

diff --git a/server/protocol.c b/server/protocol.c
index b0da156eec5413925e59c04645bf5785625e02d8..decd9982babab3ff9b2b573153bec3665f7f3d82 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -657,9 +657,19 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         pro = ll;
         len = strlen(ll);
     } else {
+        core_server_config *conf;
+        conf = ap_get_core_module_config(r->server->module_config);
         r->assbackwards = 1;
         pro = "HTTP/0.9";
         len = 8;
+        if (conf->http09_enable == AP_HTTP09_DISABLE) {
+                r->status = HTTP_VERSION_NOT_SUPPORTED;
+                r->protocol = apr_pstrmemdup(r->pool, pro, len);
+                r->proto_num = HTTP_VERSION(0, 9);
+                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02401)
+                              "HTTP/0.9 denied by server configuration");
+                return 0;
+        }
     }
     r->protocol = apr_pstrmemdup(r->pool, pro, len);
 
@@ -976,7 +986,8 @@ request_rec *ap_read_request(conn_rec *conn)
     /* Get the request... */
     if (!read_request_line(r, tmp_bb)) {
         if (r->status == HTTP_REQUEST_URI_TOO_LARGE
-            || r->status == HTTP_BAD_REQUEST) {
+            || r->status == HTTP_BAD_REQUEST
+            || r->status == HTTP_VERSION_NOT_SUPPORTED) {
             if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
                 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00565)
                               "request failed: URI too long (longer than %d)",