Hi Willy, Being devil's advocate : isn't the point that even if this is a documented, standardized and intended behavior, users relying on the reverse proxy for security/sanity checks could by tricked by this feature inadvertently ?
-- Ionel GARDAIS Tech'Advantage CIO - IT Team manager ----- Mail original ----- De: "Willy Tarreau" <w...@1wt.eu> À: "Igor Cicimov" <ig...@encompasscorporation.com> Cc: "haproxy" <haproxy@formilux.org> Envoyé: Vendredi 11 Septembre 2020 08:19:12 Objet: [*EXT*] Re: http2 smuggling On Fri, Sep 11, 2020 at 08:07:02AM +0200, Willy Tarreau wrote: > Sadly, as usual after people discover protocols during the summer, some > journalists will surely want to make noise about this to put some bread > on their table... > > Thanks for the link anyway I had a partial laugh; partial only because > it makes useless noise. And sadly, this one already started to make some noise there about his recent discovery of a 20-years old standard: https://twitter.com/theBumbleSec Had he asked if we supported 101, we could even have saved him time in his HTTP discover test by pointing him to the doc: http://git.haproxy.org/?p=haproxy.git;a=blob;f=doc/configuration.txt;h=c1f6f82;hb=HEAD#l332 Probably that next year he will discover that we also support CONNECT. It's not even funny, the world is really doomed... Willy -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301