Hi Willy,
Being devil's advocate: isn't the point that even if this is a documented,
standardized and intended behavior, users relying on the reverse proxy for
security/sanity checks could be tricked by this feature inadvertently?
--
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager
- Original message -
From: "Willy Tarreau"
To: "Igor Cicimov"
Cc: "haproxy"
Sent: Friday 11 September 2020 08:19:12
Subject: [*EXT*] Re: http2 smuggling
On Fri, Sep 11, 2020 at 08:07:02AM +0200, Willy Tarreau wrote:
> Sadly, as usual after people discover protocols during the summer, some
> journalists will surely want to make noise about this to put some bread
> on their table...
>
> Thanks for the link anyway I had a partial laugh; partial only because
> it makes useless noise.
And sadly, this one already started to make some noise there about his
recent discovery of a 20-year-old standard:
https://twitter.com/theBumbleSec
Had he asked if we supported 101, we could even have saved him time
in his HTTP discover test by pointing him to the doc:
http://git.haproxy.org/?p=haproxy.git;a=blob;f=doc/configuration.txt;h=c1f6f82;hb=HEAD#l332
Probably that next year he will discover that we also support CONNECT.
It's not even funny, the world is really doomed...
Willy