Re: httpd: expand HTTP Host
OK reyk - go for it Florian Obser: > > This is OK florian@ or I can commit it if someone else OKs it. > >> On Wed, Mar 15, 2017 at 05:55:35PM +, Rivo Nurges wrote: >> Hi! >> >> New simplified version of the patch. >> >> Test results: >> HTTP 1.1 with Host: >> HTTP/1.0 301 Moved Permanently >> Location: https://testhttp.int/ >> >> HTTP 1.0 with Host: >> HTTP/1.0 301 Moved Permanently >> Location: https://testhttp.int/ >> >> HTTP 1.1 without Host: >> HTTP/1.0 400 Bad Request >> >> HTTP 1.0 without Host: >> HTTP/1.0 301 Moved Permanently >> Location: https://10.10.10.10/ >> >> GET /: >> HTTP/1.0 400 Bad Request >> >> >> Rivo >> >> Index: usr.sbin/httpd/server_http.c >> === >> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v >> retrieving revision 1.115 >> diff -u -p -r1.115 server_http.c >> --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 -1.115 >> +++ usr.sbin/httpd/server_http.c15 Mar 2017 17:51:14 - >> @@ -1068,6 +1068,14 @@ server_expand_http(struct client *clt, c >>if (ret != 0) >>return (NULL); >>} >> +if (strstr(val, "$HTTP_HOST") != NULL) { >> +if (desc->http_host == NULL) >> +return (NULL); >> +if ((str = url_encode(desc->http_host)) == NULL) >> +return (NULL); >> +expand_string(buf, len, "$HTTP_HOST", str); >> +free(str); >> +} >>if (strstr(val, "$REMOTE_") != NULL) { >>if (strstr(val, "$REMOTE_ADDR") != NULL) { >>if (print_host(>clt_ss, >> Index: usr.sbin/httpd/httpd.conf.5 >> === >> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v >> retrieving revision 1.79 >> diff -u -p -r1.79 httpd.conf.5 >> --- usr.sbin/httpd/httpd.conf.57 Feb 2017 12:27:42 -1.79 >> +++ usr.sbin/httpd/httpd.conf.515 Mar 2017 17:51:14 - >> @@ -221,6 +221,8 @@ The configured IP address of the server. >> The configured TCP server port of the server. >> .It Ic $SERVER_NAME >> The name of the server. >> +.It Ic $HTTP_HOST >> +The host from the HTTP Host header. >> .It Pf % Ar n >> The capture index >> .Ar n >> >> begin-base64 644 http_host.diff >> SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 >> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog >> L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp >> b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 >> dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz >> ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTUgTWFyIDIwMTcgMTc6NTE6MTQgLTAwMDAKQEAg >> LTEwNjgsNiArMTA2OCwxNCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 >> LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo >> dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO >> VUxMKQorCQkJcmV0dXJuIChOVUxMKTsKKwkJaWYgKChzdHIgPSB1cmxfZW5jb2RlKGRlc2MtPmh0 >> dHBfaG9zdCkpID09IE5VTEwpCisJCQlyZXR1cm4gKE5VTEwpOworCQlleHBhbmRfc3RyaW5nKGJ1 >> ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCWZyZWUoc3RyKTsKKwl9CiAJaWYgKHN0cnN0 >> cih2YWwsICIkUkVNT1RFXyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF >> X0FERFIiKSAhPSBOVUxMKSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4 >> OiB1c3Iuc2Jpbi9odHRwZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09 >> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9z >> cmMvdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5 >> CmRpZmYgLXUgLXAgLXIxLjc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQu >> Y29uZi41CTcgRmViIDIwMTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQv >> aHR0cGQuY29uZi41CTE1IE1hciAyMDE3IDE3OjUxOjE0IC0wMDAwCkBAIC0yMjEsNiArMjIxLDgg >> QEAgVGhlIGNvbmZpZ3VyZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3Vy >> ZWQgVENQIHNlcnZlciBwb3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBU >> aGUgbmFtZSBvZiB0aGUgc2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20g >> dGhlIEhUVFAgSG9zdCBoZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAog >> LkFyIG4K >> >> > > -- > I'm not entirely sure you are real. >
Re: httpd: expand HTTP Host
This is OK florian@ or I can commit it if someone else OKs it. On Wed, Mar 15, 2017 at 05:55:35PM +, Rivo Nurges wrote: > Hi! > > New simplified version of the patch. > > Test results: > HTTP 1.1 with Host: > HTTP/1.0 301 Moved Permanently > Location: https://testhttp.int/ > > HTTP 1.0 with Host: > HTTP/1.0 301 Moved Permanently > Location: https://testhttp.int/ > > HTTP 1.1 without Host: > HTTP/1.0 400 Bad Request > > HTTP 1.0 without Host: > HTTP/1.0 301 Moved Permanently > Location: https://10.10.10.10/ > > GET /: > HTTP/1.0 400 Bad Request > > > Rivo > > Index: usr.sbin/httpd/server_http.c > === > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > retrieving revision 1.115 > diff -u -p -r1.115 server_http.c > --- usr.sbin/httpd/server_http.c 10 Mar 2017 21:06:43 - 1.115 > +++ usr.sbin/httpd/server_http.c 15 Mar 2017 17:51:14 - > @@ -1068,6 +1068,14 @@ server_expand_http(struct client *clt, c > if (ret != 0) > return (NULL); > } > + if (strstr(val, "$HTTP_HOST") != NULL) { > + if (desc->http_host == NULL) > + return (NULL); > + if ((str = url_encode(desc->http_host)) == NULL) > + return (NULL); > + expand_string(buf, len, "$HTTP_HOST", str); > + free(str); > + } > if (strstr(val, "$REMOTE_") != NULL) { > if (strstr(val, "$REMOTE_ADDR") != NULL) { > if (print_host(>clt_ss, > Index: usr.sbin/httpd/httpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.79 > diff -u -p -r1.79 httpd.conf.5 > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 > +++ usr.sbin/httpd/httpd.conf.5 15 Mar 2017 17:51:14 - > @@ -221,6 +221,8 @@ The configured IP address of the server. > The configured TCP server port of the server. > .It Ic $SERVER_NAME > The name of the server. > +.It Ic $HTTP_HOST > +The host from the HTTP Host header. > .It Pf % Ar n > The capture index > .Ar n > > begin-base64 644 http_host.diff > SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog > L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp > b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 > dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz > ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTUgTWFyIDIwMTcgMTc6NTE6MTQgLTAwMDAKQEAg > LTEwNjgsNiArMTA2OCwxNCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 > LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo > dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO > VUxMKQorCQkJcmV0dXJuIChOVUxMKTsKKwkJaWYgKChzdHIgPSB1cmxfZW5jb2RlKGRlc2MtPmh0 > dHBfaG9zdCkpID09IE5VTEwpCisJCQlyZXR1cm4gKE5VTEwpOworCQlleHBhbmRfc3RyaW5nKGJ1 > ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCWZyZWUoc3RyKTsKKwl9CiAJaWYgKHN0cnN0 > cih2YWwsICIkUkVNT1RFXyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF > X0FERFIiKSAhPSBOVUxMKSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4 > OiB1c3Iuc2Jpbi9odHRwZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9z > cmMvdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5 > CmRpZmYgLXUgLXAgLXIxLjc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQu > Y29uZi41CTcgRmViIDIwMTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQv > aHR0cGQuY29uZi41CTE1IE1hciAyMDE3IDE3OjUxOjE0IC0wMDAwCkBAIC0yMjEsNiArMjIxLDgg > QEAgVGhlIGNvbmZpZ3VyZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3Vy > ZWQgVENQIHNlcnZlciBwb3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBU > aGUgbmFtZSBvZiB0aGUgc2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20g > dGhlIEhUVFAgSG9zdCBoZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAog > LkFyIG4K > > -- I'm not entirely sure you are real.
Re: httpd: expand HTTP Host
Hi! New simplified version of the patch. Test results: HTTP 1.1 with Host: HTTP/1.0 301 Moved Permanently Location: https://testhttp.int/ HTTP 1.0 with Host: HTTP/1.0 301 Moved Permanently Location: https://testhttp.int/ HTTP 1.1 without Host: HTTP/1.0 400 Bad Request HTTP 1.0 without Host: HTTP/1.0 301 Moved Permanently Location: https://10.10.10.10/ GET /: HTTP/1.0 400 Bad Request Rivo Index: usr.sbin/httpd/server_http.c === RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v retrieving revision 1.115 diff -u -p -r1.115 server_http.c --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 - 1.115 +++ usr.sbin/httpd/server_http.c15 Mar 2017 17:51:14 - @@ -1068,6 +1068,14 @@ server_expand_http(struct client *clt, c if (ret != 0) return (NULL); } + if (strstr(val, "$HTTP_HOST") != NULL) { + if (desc->http_host == NULL) + return (NULL); + if ((str = url_encode(desc->http_host)) == NULL) + return (NULL); + expand_string(buf, len, "$HTTP_HOST", str); + free(str); + } if (strstr(val, "$REMOTE_") != NULL) { if (strstr(val, "$REMOTE_ADDR") != NULL) { if (print_host(>clt_ss, Index: usr.sbin/httpd/httpd.conf.5 === RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v retrieving revision 1.79 diff -u -p -r1.79 httpd.conf.5 --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 +++ usr.sbin/httpd/httpd.conf.5 15 Mar 2017 17:51:14 - @@ -221,6 +221,8 @@ The configured IP address of the server. The configured TCP server port of the server. .It Ic $SERVER_NAME The name of the server. +.It Ic $HTTP_HOST +The host from the HTTP Host header. .It Pf % Ar n The capture index .Ar n begin-base64 644 http_host.diff SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTUgTWFyIDIwMTcgMTc6NTE6MTQgLTAwMDAKQEAg LTEwNjgsNiArMTA2OCwxNCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO VUxMKQorCQkJcmV0dXJuIChOVUxMKTsKKwkJaWYgKChzdHIgPSB1cmxfZW5jb2RlKGRlc2MtPmh0 dHBfaG9zdCkpID09IE5VTEwpCisJCQlyZXR1cm4gKE5VTEwpOworCQlleHBhbmRfc3RyaW5nKGJ1 ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCWZyZWUoc3RyKTsKKwl9CiAJaWYgKHN0cnN0 cih2YWwsICIkUkVNT1RFXyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF X0FERFIiKSAhPSBOVUxMKSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4 OiB1c3Iuc2Jpbi9odHRwZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9z cmMvdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5 CmRpZmYgLXUgLXAgLXIxLjc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQu Y29uZi41CTcgRmViIDIwMTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQv aHR0cGQuY29uZi41CTE1IE1hciAyMDE3IDE3OjUxOjE0IC0wMDAwCkBAIC0yMjEsNiArMjIxLDgg QEAgVGhlIGNvbmZpZ3VyZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3Vy ZWQgVENQIHNlcnZlciBwb3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBU aGUgbmFtZSBvZiB0aGUgc2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20g dGhlIEhUVFAgSG9zdCBoZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAog LkFyIG4K
Re: httpd: expand HTTP Host
Hi! Sure. Should I create new patch? Rivo On 13/03/2017, 20:38, "Florian Obser"wrote: On Mon, Mar 13, 2017 at 06:22:50PM +, Rivo Nurges wrote: > Hi! > > Host header is mandatory for HTTP 1.1 requests and httpd will return > 400 Bad request without it. With HTTP 1.0 requests I get 301 to the > IP the httpd is running on. > right, so the if (desc->http_host == NULL) { can't actually happen. how about + if (desc->http_host == NULL) + return (NULL) + + if ((str = url_encode(desc->http_host)) == NULL) ... that would be OK by me > Connected to 10.XXX > Escape character is '^]'. > GET / HTTP/1.0\r\n\r\n > > HTTP/1.0 301 Moved Permanently > Date: Mon, 13 Mar 2017 18:20:48 GMT > Server: OpenBSD httpd > Connection: close > Content-Type: text/html > Content-Length: 443 > Location: https://10.XXX/ > > Rivo > > On 13/03/2017, 20:10, "Florian Obser" wrote: > > On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote: > > Hi! > > > > Following will add possibility to expand $HTTP_HOST to the HTTP > > Host header in "block return". > > > > In my setup I have relayd on port 443 and httpd on 80. This patch > > allows me to redirect http(httpd) to https(relayd) without knowing > > the host. > > > > /etc/httpd.conf: > > server "redirect" { > > listen on * port 80 > > block return 301 "https://$HTTP_HOST$REQUEST_URI; > > } > > > > Rivo > > > > Index: usr.sbin/httpd/server_http.c > > === > > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > > retrieving revision 1.115 > > diff -u -p -r1.115 server_http.c > > --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 - 1.115 > > +++ usr.sbin/httpd/server_http.c11 Mar 2017 17:51:23 - > > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c > > if (ret != 0) > > return (NULL); > > } > > + if (strstr(val, "$HTTP_HOST") != NULL) { > > + if (desc->http_host == NULL) { > > + ret = expand_string(buf, len, "$HTTP_HOST", ""); > > This will not create a working redirect. Should we return 500 instead > if there is no host header? > > What is nginx doing in that case? > > nginx has $http_host and $host, $host is assigned the host header and > if that doesn't exist the server name. (Wouldn't help in your case > since it would redirect to https://redirect/). > > Other than this looks good. > > > + } else { > > + if ((str = url_encode(desc->http_host)) == NULL) > > + return (NULL); > > + ret = expand_string(buf, len, "$HTTP_HOST", str); > > + free(str); > > + } > > + if (ret != 0) > > + return (NULL); > > + } > > if (strstr(val, "$REMOTE_") != NULL) { > > if (strstr(val, "$REMOTE_ADDR") != NULL) { > > if (print_host(>clt_ss, > > Index: usr.sbin/httpd/httpd.conf.5 > > === > > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > > retrieving revision 1.79 > > diff -u -p -r1.79 httpd.conf.5 > > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 > > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 - > > @@ -221,6 +221,8 @@ The configured IP address of the server. > > The configured TCP server port of the server. > > .It Ic $SERVER_NAME > > The name of the server. > > +.It Ic $HTTP_HOST > > +The host from the HTTP Host header. > > .It Pf % Ar n > > The capture index > > .Ar n > > > > begin-base64 644 http_host.diff > > SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 > > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog > > L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp > > b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 > > dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz > >
Re: httpd: expand HTTP Host
On Mon, Mar 13, 2017 at 06:22:50PM +, Rivo Nurges wrote: > Hi! > > Host header is mandatory for HTTP 1.1 requests and httpd will return > 400 Bad request without it. With HTTP 1.0 requests I get 301 to the > IP the httpd is running on. > right, so the if (desc->http_host == NULL) { can't actually happen. how about + if (desc->http_host == NULL) + return (NULL) + + if ((str = url_encode(desc->http_host)) == NULL) ... that would be OK by me > Connected to 10.XXX > Escape character is '^]'. > GET / HTTP/1.0\r\n\r\n > > HTTP/1.0 301 Moved Permanently > Date: Mon, 13 Mar 2017 18:20:48 GMT > Server: OpenBSD httpd > Connection: close > Content-Type: text/html > Content-Length: 443 > Location: https://10.XXX/ > > Rivo > > On 13/03/2017, 20:10, "Florian Obser"wrote: > > On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote: > > Hi! > > > > Following will add possibility to expand $HTTP_HOST to the HTTP > > Host header in "block return". > > > > In my setup I have relayd on port 443 and httpd on 80. This patch > > allows me to redirect http(httpd) to https(relayd) without knowing > > the host. > > > > /etc/httpd.conf: > > server "redirect" { > > listen on * port 80 > > block return 301 "https://$HTTP_HOST$REQUEST_URI; > > } > > > > Rivo > > > > Index: usr.sbin/httpd/server_http.c > > === > > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > > retrieving revision 1.115 > > diff -u -p -r1.115 server_http.c > > --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 - > 1.115 > > +++ usr.sbin/httpd/server_http.c11 Mar 2017 17:51:23 - > > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c > > if (ret != 0) > > return (NULL); > > } > > + if (strstr(val, "$HTTP_HOST") != NULL) { > > + if (desc->http_host == NULL) { > > + ret = expand_string(buf, len, "$HTTP_HOST", ""); > > This will not create a working redirect. Should we return 500 instead > if there is no host header? > > What is nginx doing in that case? > > nginx has $http_host and $host, $host is assigned the host header and > if that doesn't exist the server name. (Wouldn't help in your case > since it would redirect to https://redirect/). > > Other than this looks good. > > > + } else { > > + if ((str = url_encode(desc->http_host)) == NULL) > > + return (NULL); > > + ret = expand_string(buf, len, "$HTTP_HOST", > str); > > + free(str); > > + } > > + if (ret != 0) > > + return (NULL); > > + } > > if (strstr(val, "$REMOTE_") != NULL) { > > if (strstr(val, "$REMOTE_ADDR") != NULL) { > > if (print_host(>clt_ss, > > Index: usr.sbin/httpd/httpd.conf.5 > > === > > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > > retrieving revision 1.79 > > diff -u -p -r1.79 httpd.conf.5 > > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 > > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 - > > @@ -221,6 +221,8 @@ The configured IP address of the server. > > The configured TCP server port of the server. > > .It Ic $SERVER_NAME > > The name of the server. > > +.It Ic $HTTP_HOST > > +The host from the HTTP Host header. > > .It Pf % Ar n > > The capture index > > .Ar n > > > > begin-base64 644 http_host.diff > > > SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 > > > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog > > > L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp > > > b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 > > > dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz > > > ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg > > > LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 > > > LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo > > > dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO > > > VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi > > > KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp > > >
Re: httpd: expand HTTP Host
Hi! Host header is mandatory for HTTP 1.1 requests and httpd will return 400 Bad request without it. With HTTP 1.0 requests I get 301 to the IP the httpd is running on. Connected to 10.XXX Escape character is '^]'. GET / HTTP/1.0\r\n\r\n HTTP/1.0 301 Moved Permanently Date: Mon, 13 Mar 2017 18:20:48 GMT Server: OpenBSD httpd Connection: close Content-Type: text/html Content-Length: 443 Location: https://10.XXX/ Rivo On 13/03/2017, 20:10, "Florian Obser"wrote: On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote: > Hi! > > Following will add possibility to expand $HTTP_HOST to the HTTP > Host header in "block return". > > In my setup I have relayd on port 443 and httpd on 80. This patch > allows me to redirect http(httpd) to https(relayd) without knowing > the host. > > /etc/httpd.conf: > server "redirect" { > listen on * port 80 > block return 301 "https://$HTTP_HOST$REQUEST_URI; > } > > Rivo > > Index: usr.sbin/httpd/server_http.c > === > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > retrieving revision 1.115 > diff -u -p -r1.115 server_http.c > --- usr.sbin/httpd/server_http.c 10 Mar 2017 21:06:43 - 1.115 > +++ usr.sbin/httpd/server_http.c 11 Mar 2017 17:51:23 - > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c > if (ret != 0) > return (NULL); > } > + if (strstr(val, "$HTTP_HOST") != NULL) { > + if (desc->http_host == NULL) { > + ret = expand_string(buf, len, "$HTTP_HOST", ""); This will not create a working redirect. Should we return 500 instead if there is no host header? What is nginx doing in that case? nginx has $http_host and $host, $host is assigned the host header and if that doesn't exist the server name. (Wouldn't help in your case since it would redirect to https://redirect/). Other than this looks good. > + } else { > + if ((str = url_encode(desc->http_host)) == NULL) > + return (NULL); > + ret = expand_string(buf, len, "$HTTP_HOST", str); > + free(str); > + } > + if (ret != 0) > + return (NULL); > + } > if (strstr(val, "$REMOTE_") != NULL) { > if (strstr(val, "$REMOTE_ADDR") != NULL) { > if (print_host(>clt_ss, > Index: usr.sbin/httpd/httpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.79 > diff -u -p -r1.79 httpd.conf.5 > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 - > @@ -221,6 +221,8 @@ The configured IP address of the server. > The configured TCP server port of the server. > .It Ic $SERVER_NAME > The name of the server. > +.It Ic $HTTP_HOST > +The host from the HTTP Host header. > .It Pf % Ar n > The capture index > .Ar n > > begin-base64 644 http_host.diff > SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog > L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp > b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 > dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz > ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg > LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 > LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo > dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO > VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi > KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp > KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1 > ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl > dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF > XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM > KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw > ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0 > cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx >
Re: httpd: expand HTTP Host
On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote: > Hi! > > Following will add possibility to expand $HTTP_HOST to the HTTP > Host header in "block return". > > In my setup I have relayd on port 443 and httpd on 80. This patch > allows me to redirect http(httpd) to https(relayd) without knowing > the host. > > /etc/httpd.conf: > server "redirect" { > listen on * port 80 > block return 301 "https://$HTTP_HOST$REQUEST_URI; > } > > Rivo > > Index: usr.sbin/httpd/server_http.c > === > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > retrieving revision 1.115 > diff -u -p -r1.115 server_http.c > --- usr.sbin/httpd/server_http.c 10 Mar 2017 21:06:43 - 1.115 > +++ usr.sbin/httpd/server_http.c 11 Mar 2017 17:51:23 - > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c > if (ret != 0) > return (NULL); > } > + if (strstr(val, "$HTTP_HOST") != NULL) { > + if (desc->http_host == NULL) { > + ret = expand_string(buf, len, "$HTTP_HOST", ""); This will not create a working redirect. Should we return 500 instead if there is no host header? What is nginx doing in that case? nginx has $http_host and $host, $host is assigned the host header and if that doesn't exist the server name. (Wouldn't help in your case since it would redirect to https://redirect/). Other than this looks good. > + } else { > + if ((str = url_encode(desc->http_host)) == NULL) > + return (NULL); > + ret = expand_string(buf, len, "$HTTP_HOST", str); > + free(str); > + } > + if (ret != 0) > + return (NULL); > + } > if (strstr(val, "$REMOTE_") != NULL) { > if (strstr(val, "$REMOTE_ADDR") != NULL) { > if (print_host(>clt_ss, > Index: usr.sbin/httpd/httpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.79 > diff -u -p -r1.79 httpd.conf.5 > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 - > @@ -221,6 +221,8 @@ The configured IP address of the server. > The configured TCP server port of the server. > .It Ic $SERVER_NAME > The name of the server. > +.It Ic $HTTP_HOST > +The host from the HTTP Host header. > .It Pf % Ar n > The capture index > .Ar n > > begin-base64 644 http_host.diff > SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog > L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp > b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 > dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz > ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg > LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 > LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo > dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO > VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi > KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp > KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1 > ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl > dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF > XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM > KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw > ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0 > cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx > Ljc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTcgRmViIDIw > MTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTEx > IE1hciAyMDE3IDE3OjUxOjIzIC0wMDAwCkBAIC0yMjEsNiArMjIxLDggQEAgVGhlIGNvbmZpZ3Vy > ZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3VyZWQgVENQIHNlcnZlciBw > b3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBUaGUgbmFtZSBvZiB0aGUg > c2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20gdGhlIEhUVFAgSG9zdCBo > ZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAogLkFyIG4K > > -- I'm not entirely sure you are real.
httpd: expand HTTP Host
Hi! Following will add possibility to expand $HTTP_HOST to the HTTP Host header in "block return". In my setup I have relayd on port 443 and httpd on 80. This patch allows me to redirect http(httpd) to https(relayd) without knowing the host. /etc/httpd.conf: server "redirect" { listen on * port 80 block return 301 "https://$HTTP_HOST$REQUEST_URI; } Rivo Index: usr.sbin/httpd/server_http.c === RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v retrieving revision 1.115 diff -u -p -r1.115 server_http.c --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 - 1.115 +++ usr.sbin/httpd/server_http.c11 Mar 2017 17:51:23 - @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c if (ret != 0) return (NULL); } + if (strstr(val, "$HTTP_HOST") != NULL) { + if (desc->http_host == NULL) { + ret = expand_string(buf, len, "$HTTP_HOST", ""); + } else { + if ((str = url_encode(desc->http_host)) == NULL) + return (NULL); + ret = expand_string(buf, len, "$HTTP_HOST", str); + free(str); + } + if (ret != 0) + return (NULL); + } if (strstr(val, "$REMOTE_") != NULL) { if (strstr(val, "$REMOTE_ADDR") != NULL) { if (print_host(>clt_ss, Index: usr.sbin/httpd/httpd.conf.5 === RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v retrieving revision 1.79 diff -u -p -r1.79 httpd.conf.5 --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 - 1.79 +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 - @@ -221,6 +221,8 @@ The configured IP address of the server. The configured TCP server port of the server. .It Ic $SERVER_NAME The name of the server. +.It Ic $HTTP_HOST +The host from the HTTP Host header. .It Pf % Ar n The capture index .Ar n begin-base64 644 http_host.diff SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1 ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0 cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx Ljc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTcgRmViIDIw MTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTEx IE1hciAyMDE3IDE3OjUxOjIzIC0wMDAwCkBAIC0yMjEsNiArMjIxLDggQEAgVGhlIGNvbmZpZ3Vy ZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3VyZWQgVENQIHNlcnZlciBw b3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBUaGUgbmFtZSBvZiB0aGUg c2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20gdGhlIEhUVFAgSG9zdCBo ZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAogLkFyIG4K