mirror of
https://github.com/apache/httpd.git
synced 2025-08-05 16:55:50 +03:00
http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code
for clients requesting a hostname on a reused connection whose SNI (from the TLS handshake) does not match. PR 5802. This allows HTTP/2 clients to fall back to a new connection as per: https://tools.ietf.org/html/rfc7540#section-9.1.2 Proposed by: Stefan Eissing <stefan eissing.org> Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1685069 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
@@ -519,6 +519,7 @@ AP_DECLARE(const char *) ap_get_server_built(void);
|
||||
#define HTTP_RANGE_NOT_SATISFIABLE 416
|
||||
#define HTTP_EXPECTATION_FAILED 417
|
||||
#define HTTP_IM_A_TEAPOT 418
|
||||
#define HTTP_MISDIRECTED_REQUEST 421
|
||||
#define HTTP_UNPROCESSABLE_ENTITY 422
|
||||
#define HTTP_LOCKED 423
|
||||
#define HTTP_FAILED_DEPENDENCY 424
|
||||
|
@@ -135,7 +135,7 @@ static const char * const status_lines[RESPONSE_CODES] =
|
||||
"418 I'm A Teapot",
|
||||
NULL, /* 419 */
|
||||
NULL, /* 420 */
|
||||
NULL, /* 421 */
|
||||
"421 Misdirected Request",
|
||||
"422 Unprocessable Entity",
|
||||
"423 Locked",
|
||||
"424 Failed Dependency",
|
||||
@@ -1308,6 +1308,11 @@ static const char *get_canned_error_string(int status,
|
||||
case HTTP_IM_A_TEAPOT:
|
||||
return("<p>The resulting entity body MAY be short and\n"
|
||||
"stout.</p>\n");
|
||||
case HTTP_MISDIRECTED_REQUEST:
|
||||
return("<p>The client needs a new connection for this\n"
|
||||
"request as the requested host name does not match\n"
|
||||
"the Server Name Indication (SNI) in use for this\n"
|
||||
"connection.</p>\n");
|
||||
default: /* HTTP_INTERNAL_SERVER_ERROR */
|
||||
/*
|
||||
* This comparison to expose error-notes could be modified to
|
||||
|
@@ -204,6 +204,9 @@ int ssl_hook_ReadReq(request_rec *r)
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
|
||||
"Hostname %s provided via SNI and hostname %s provided"
|
||||
" via HTTP are different", servername, host);
|
||||
if (r->connection->keepalives > 0) {
|
||||
return HTTP_MISDIRECTED_REQUEST;
|
||||
}
|
||||
return HTTP_BAD_REQUEST;
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user