Le 27/11/2019 à 11:59, Christopher Faulet a écrit :
Le 27/11/2019 à 04:03, Willy Tarreau a écrit :
On Wed, Nov 27, 2019 at 12:31:48AM +0100, Lukas Tribus wrote:
That said, I'm not sure this was really the intention of the change in
question (commit 531b83e03 "MINOR: h1: Reject requests if the
authority does not match the header host"). Christopher?
I'm pretty sure it was not intended and as the commit message mentions,
it's more of an accidental side effect of correctly matching the Host
with the URI. I suspect we're lacking a direction check to make sure
the test only happens on the request path.
You're right Willy, it is a bug. The host header must only by checked for the
requests. I will push a fix.
FYI, the fix was merged and backported.