From 64d40f3a340fd43631a6da09750fb49822f5549b Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 2 Oct 2009 21:11:13 +1300
Subject: [PATCH] Bug 2722: http_port accel combined with CONNECT has bizarre
 behaviour

---
 src/client_side.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/client_side.cc b/src/client_side.cc
index dc0a3cc2ee..3f8cf77d82 100755
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1913,6 +1913,15 @@ parseHttpRequest(ConnStateData::Pointer & conn, HttpParser *hp, method_t * metho
     /* Set method_p */
     *method_p = HttpRequestMethod(&hp->buf[hp->m_start], &hp->buf[hp->m_end]);
 
+    /* deny CONNECT via accelerated ports */
+    if (*method_p == METHOD_CONNECT && conn && conn->port && conn->port->accel) {
+        debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << conn->port->protocol << " Accelerator port " << conn->port->s.GetPort() );
+        /* XXX need a way to say "this many character length string" */
+        debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf);
+        /* XXX need some way to set 405 status on the error reply */
+        return parseHttpRequestAbort(conn, "error:method-not-allowed");
+    }
+
     if (*method_p == METHOD_NONE) {
         /* AYJ: hp->buf is occasionally full of binary crap. Replace any non-printables with underscores.
                 Also crop the output at 100 chars, we should not need a whole binary streaming video to identify the issue
-- 
2.47.2