Hi!
Sure. Should I create new patch?
Rivo
On 13/03/2017, 20:38, "Florian Obser" <flor...@openbsd.org> wrote:
On Mon, Mar 13, 2017 at 06:22:50PM +0000, Rivo Nurges wrote:
> Hi!
>
> Host header is mandatory for HTTP 1.1 requests and httpd will return
> 400 Bad request without it. With HTTP 1.0 requests I get 301 to the
> IP the httpd is running on.
>
right, so the
if (desc->http_host == NULL) {
can't actually happen.
how about
+ if (desc->http_host == NULL)
+ return (NULL)
+
+ if ((str = url_encode(desc->http_host)) == NULL)
...
that would be OK by me
> Connected to 10.XXX
> Escape character is '^]'.
> GET / HTTP/1.0\r\n\r\n
>
> HTTP/1.0 301 Moved Permanently
> Date: Mon, 13 Mar 2017 18:20:48 GMT
> Server: OpenBSD httpd
> Connection: close
> Content-Type: text/html
> Content-Length: 443
> Location: https://10.XXX/
>
> Rivo
>
> On 13/03/2017, 20:10, "Florian Obser" <flor...@openbsd.org> wrote:
>
> On Sat, Mar 11, 2017 at 06:11:53PM +0000, Rivo Nurges wrote:
> > Hi!
> >
> > Following will add possibility to expand $HTTP_HOST to the HTTP
> > Host header in "block return".
> >
> > In my setup I have relayd on port 443 and httpd on 80. This patch
> > allows me to redirect http(httpd) to https(relayd) without knowing
> > the host.
> >
> > /etc/httpd.conf:
> > server "redirect" {
> > listen on * port 80
> > block return 301 "https://$HTTP_HOST$REQUEST_URI";
> > }
> >
> > Rivo
> >
> > Index: usr.sbin/httpd/server_http.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> > retrieving revision 1.115
> > diff -u -p -r1.115 server_http.c
> > --- usr.sbin/httpd/server_http.c 10 Mar 2017 21:06:43 -0000
1.115
> > +++ usr.sbin/httpd/server_http.c 11 Mar 2017 17:51:23 -0000
> > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c
> > if (ret != 0)
> > return (NULL);
> > }
> > + if (strstr(val, "$HTTP_HOST") != NULL) {
> > + if (desc->http_host == NULL) {
> > + ret = expand_string(buf, len, "$HTTP_HOST", "");
>
> This will not create a working redirect. Should we return 500 instead
> if there is no host header?
>
> What is nginx doing in that case?
>
> nginx has $http_host and $host, $host is assigned the host header and
> if that doesn't exist the server name. (Wouldn't help in your case
> since it would redirect to https://redirect/).
>
> Other than this looks good.
>
> > + } else {
> > + if ((str = url_encode(desc->http_host)) == NULL)
> > + return (NULL);
> > + ret = expand_string(buf, len, "$HTTP_HOST",
str);
> > + free(str);
> > + }
> > + if (ret != 0)
> > + return (NULL);
> > + }
> > if (strstr(val, "$REMOTE_") != NULL) {
> > if (strstr(val, "$REMOTE_ADDR") != NULL) {
> > if (print_host(&clt->clt_ss,
> > Index: usr.sbin/httpd/httpd.conf.5
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> > retrieving revision 1.79
> > diff -u -p -r1.79 httpd.conf.5
> > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 -0000
1.79
> > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 -0000
> > @@ -221,6 +221,8 @@ The configured IP address of the server.
> > The configured TCP server port of the server.
> > .It Ic $SERVER_NAME
> > The name of the server.
> > +.It Ic $HTTP_HOST
> > +The host from the HTTP Host header.
> > .It Pf % Ar n
> > The capture index
> > .Ar n
> >
> > begin-base64 644 http_host.diff
> >
SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
> >
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
> >
L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
> >
b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
> >
dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
> >
ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg
> >
LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
> >
LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
> >
dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
> >
VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi
> >
KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp
> >
KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1
> >
ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl
> >
dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
> >
XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM
> >
KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw
> >
ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
> >
PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0
> >
cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx
> >
Ljc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTcgRmViIDIw
> >
MTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTEx
> >
IE1hciAyMDE3IDE3OjUxOjIzIC0wMDAwCkBAIC0yMjEsNiArMjIxLDggQEAgVGhlIGNvbmZpZ3Vy
> >
ZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3VyZWQgVENQIHNlcnZlciBw
> >
b3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBUaGUgbmFtZSBvZiB0aGUg
> >
c2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20gdGhlIEhUVFAgSG9zdCBo
> > ZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAogLkFyIG4K
> > ====
> >
>
> --
> I'm not entirely sure you are real.
>
>
--
I'm not entirely sure you are real.
