From: Ruediger Pluem Date: Thu, 29 May 2008 22:19:17 +0000 (+0000) Subject: * According to RFC 2616 8.2.3 we are not allowed to forward an X-Git-Tag: 2.3.0~563 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6f1efd3b2a6ceae54010c7a08fffa15c1ae90a3;p=thirdparty%2Fapache%2Fhttpd.git * According to RFC 2616 8.2.3 we are not allowed to forward an Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return a HTTP_EXPECTATION_FAILED. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@661506 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 85b06acb847..5971b2322eb 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to + known HTTP/1.0 servers. Return 'Expectation failed' (417) instead. + [Ruediger Pluem] + *) core, authn/z: Determine registered authn/z providers directly in ap_setup_auth_internal(), which allows optional functions that just wrapped ap_list_provider_names() to be removed from authn/z modules. diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 582a4a82362..86c082fbe6e 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -692,6 +692,14 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r, if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) { buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.0" CRLF, NULL); force10 = 1; + /* + * According to RFC 2616 8.2.3 we are not allowed to forward an + * Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return + * a HTTP_EXPECTATION_FAILED + */ + if (r->expecting_100) { + return HTTP_EXPECTATION_FAILED; + } p_conn->close++; } else { buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.1" CRLF, NULL);
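Review bot: The CHANGES entry speaks of "known HTTP/1.0 servers", but the code change in this commit only rejects the request inside the branch guarded by the "force-proxy-request-1.0" environment variable. Naming that variable in the entry would tell administrators exactly which configuration makes the proxy answer 417 to a client that sends 'Expect: 100-continue'.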
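Review bot: In the mod_proxy_http.c hunk, the new `if (r->expecting_100)` check sits after `buf` has already been built with apr_pstrcat() and `force10` has been set, so the rejected path does work it then discards. Moving the check to the top of the "force-proxy-request-1.0" branch would make it plain that the request is refused before any request line is prepared. The early return is also silent: a log message at that point, mentioning that the 417 results from force-proxy-request-1.0 combined with Expect: 100-continue, would let an operator trace why clients are being refused. As a style point, the added comment ends with "a HTTP_EXPECTATION_FAILED" and no closing period.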