Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Thu, Jun 18, 2020 at 6:03 PM Stefan Eissing wrote: > > ap_parse_request_line() for example, checks the initial HTTP/1.1 request line > *and* > the method names, uri, header_only and other request_rec fields. > > We can either copy the latter into mod_http2 and maintain it in two places or >

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

Thanks! > Am 19.06.2020 um 14:02 schrieb Ruediger Pluem : > > > > On 6/18/20 9:58 PM, Ruediger Pluem wrote: > >> >> Provided that my above understanding is correct I see no real benefit any >> longer in returning a 505 and I would >> revert r1878708 and all the follow ups (from r1878926

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/18/20 9:58 PM, Ruediger Pluem wrote: > > Provided that my above understanding is correct I see no real benefit any > longer in returning a 505 and I would > revert r1878708 and all the follow ups (from r1878926 only the changes to > modules/http2/h2_request.c and probably CHANGES as

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/18/20 8:55 PM, Roy T. Fielding wrote: >> On Jun 18, 2020, at 9:03 AM, Stefan Eissing > > wrote: >>> Am 18.06.2020 um 16:51 schrieb William A Rowe Jr >> >: >>> >>> >>> On 6/18/20 12:09 AM, Roy T. Fielding wrote: >

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

> On Jun 18, 2020, at 9:03 AM, Stefan Eissing > wrote: >> Am 18.06.2020 um 16:51 schrieb William A Rowe Jr : >> >> >> On 6/18/20 12:09 AM, Roy T. Fielding wrote: On Jun 8, 2020, at 12:56 AM, Ruediger Pluem wrote: I came across the question if we should not

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

Stefan Eissing bytes GmbH Hafenweg 16 48155 Münster www.greenbytes.de > Am 18.06.2020 um 16:51 schrieb William A Rowe Jr : > > > On 6/18/20 12:09 AM, Roy T. Fielding wrote: > >> On Jun 8, 2020, at 12:56 AM, Ruediger Pluem wrote: > >> > >> I came across the question if we

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

> On 6/18/20 12:09 AM, Roy T. Fielding wrote: > >> On Jun 8, 2020, at 12:56 AM, Ruediger Pluem > wrote: > >> > >> I came across the question if we should not reject HTTP protocols > >= 2.0 in the request line when we parse it > >> in ap_parse_request_line. > >> This does

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/18/20 12:21 PM, Stefan Eissing wrote: >> Am 18.06.2020 um 11:49 schrieb Ruediger Pluem : >> >> >> >> On 6/18/20 10:37 AM, Stefan Eissing wrote: >>> >>> Stefan Eissing >>> >>> bytes GmbH >>> Hafenweg 16 >>> 48155 Münster >>> www.greenbytes.de >>> Am 18.06.2020 um 09:48 schrieb Ruediger

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

> Am 18.06.2020 um 11:49 schrieb Ruediger Pluem : > > > > On 6/18/20 10:37 AM, Stefan Eissing wrote: >> >> Stefan Eissing >> >> bytes GmbH >> Hafenweg 16 >> 48155 Münster >> www.greenbytes.de >> >>> Am 18.06.2020 um 09:48 schrieb Ruediger Pluem : >>> >>> >>> >>> On 6/18/20 12:09 AM, Roy

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/18/20 10:37 AM, Stefan Eissing wrote: > > Stefan Eissing > > bytes GmbH > Hafenweg 16 > 48155 Münster > www.greenbytes.de > >> Am 18.06.2020 um 09:48 schrieb Ruediger Pluem : >> >> >> >> On 6/18/20 12:09 AM, Roy T. Fielding wrote: On Jun 8, 2020, at 12:56 AM, Ruediger Pluem wrote:

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

Stefan Eissing bytes GmbH Hafenweg 16 48155 Münster www.greenbytes.de > Am 18.06.2020 um 09:48 schrieb Ruediger Pluem : > > > > On 6/18/20 12:09 AM, Roy T. Fielding wrote: >>> On Jun 8, 2020, at 12:56 AM, Ruediger Pluem wrote: >>> >>> I came across the question if we should not reject

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/18/20 12:09 AM, Roy T. Fielding wrote: >> On Jun 8, 2020, at 12:56 AM, Ruediger Pluem wrote: >> >> I came across the question if we should not reject HTTP protocols >= 2.0 in >> the request line when we parse it >> in ap_parse_request_line. >> This does not affect mod_http2 if loaded as

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

> On Jun 8, 2020, at 12:56 AM, Ruediger Pluem wrote: > > I came across the question if we should not reject HTTP protocols >= 2.0 in > the request line when we parse it > in ap_parse_request_line. > This does not affect mod_http2 if loaded as HTTP/2.0 connections itself are > not parsed via

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Mon, Jun 8, 2020 at 8:38 PM Ruediger Pluem wrote: > > On 6/8/20 6:06 PM, Yann Ylavic wrote: > > On Mon, Jun 8, 2020 at 5:43 PM Julian Reschke wrote: > >> > >> On 08.06.2020 16:59, Yann Ylavic wrote: > >>> On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: > > I came across the

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Mon, Jun 8, 2020 at 10:12 PM Ruediger Pluem wrote: > > On 6/8/20 10:05 PM, Yann Ylavic wrote: > > On Mon, Jun 8, 2020 at 9:30 PM Ruediger Pluem wrote: > >> > >> On 6/8/20 4:59 PM, Yann Ylavic wrote: > >>> On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: > > I came across the

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/8/20 10:05 PM, Yann Ylavic wrote: > On Mon, Jun 8, 2020 at 9:30 PM Ruediger Pluem wrote: >> >> On 6/8/20 4:59 PM, Yann Ylavic wrote: >>> On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: I came across the question if we should not reject HTTP protocols >= 2.0 in the

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Mon, Jun 8, 2020 at 10:05 PM Yann Ylavic wrote: > > On Mon, Jun 8, 2020 at 9:30 PM Ruediger Pluem wrote: > > > > I think we could, but I am not sure if we have ap_parse_uri callers in > > other parts of the code that do not pass absolute URI's > > This patch works with absolute URIs too

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Mon, Jun 8, 2020 at 9:30 PM Ruediger Pluem wrote: > > On 6/8/20 4:59 PM, Yann Ylavic wrote: > > On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: > >> > >> I came across the question if we should not reject HTTP protocols >= 2.0 > >> in the request line when we parse it > >> in

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/8/20 4:59 PM, Yann Ylavic wrote: > On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: >> >> I came across the question if we should not reject HTTP protocols >= 2.0 in >> the request line when we parse it >> in ap_parse_request_line. > > Why not >= 1.2 ? > >> A possible patch could

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 6/8/20 6:06 PM, Yann Ylavic wrote: > On Mon, Jun 8, 2020 at 5:43 PM Julian Reschke wrote: >> >> On 08.06.2020 16:59, Yann Ylavic wrote: >>> On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: I came across the question if we should not reject HTTP protocols >= 2.0 in the

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Mon, Jun 8, 2020 at 5:43 PM Julian Reschke wrote: > > On 08.06.2020 16:59, Yann Ylavic wrote: > > On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: > >> > >> I came across the question if we should not reject HTTP protocols >= 2.0 > >> in the request line when we parse it > >> in

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On 08.06.2020 16:59, Yann Ylavic wrote: On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: I came across the question if we should not reject HTTP protocols >= 2.0 in the request line when we parse it in ap_parse_request_line. Why not >= 1.2 ? In *theory*, there could a future HTTP/1.2

Re: Reject HTTP protocols >= 2.0 in ap_parse_request_line?

On Mon, Jun 8, 2020 at 9:56 AM Ruediger Pluem wrote: > > I came across the question if we should not reject HTTP protocols >= 2.0 in > the request line when we parse it > in ap_parse_request_line. Why not >= 1.2 ? > A possible patch could look like the following (which rejects such requests >