* According to RFC 2616 8.2.3 we are not allowed to forward an

Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return a HTTP_EXPECTATION_FAILED. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@661506 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2008-05-29 22:19:17 +00:00
parent 6e450bc660
commit b6f1efd3b2
2 changed files with 12 additions and 0 deletions
--- a/4
+++ b/4
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]

+  *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
+     known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
+     [Ruediger Pluem]
+
  *) core, authn/z: Determine registered authn/z providers directly in
     ap_setup_auth_internal(), which allows optional functions that just
     wrapped ap_list_provider_names() to be removed from authn/z modules.
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -692,6 +692,14 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
    if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
        buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.0" CRLF, NULL);
        force10 = 1;
+        /*
+         * According to RFC 2616 8.2.3 we are not allowed to forward an
+         * Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return
+         * a HTTP_EXPECTATION_FAILED
+         */
+        if (r->expecting_100) {
+            return HTTP_EXPECTATION_FAILED;
+        }
        p_conn->close++;
    } else {
        buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.1" CRLF, NULL);