Commit ce60379a authored by Sergey Lyubka's avatar Sergey Lyubka

sending 405 for proxy request if connect is not allowed

parent e0b9e4ab
...@@ -4200,7 +4200,6 @@ static void open_local_endpoint(struct connection *conn, int skip_user) { ...@@ -4200,7 +4200,6 @@ static void open_local_endpoint(struct connection *conn, int skip_user) {
file_stat_t st; file_stat_t st;
int exists = 0; int exists = 0;
#endif #endif
const char *pxy = conn->server->config_options[ENABLE_PROXY];
// If EP_USER was set in a prev call, reset it // If EP_USER was set in a prev call, reset it
conn->endpoint_type = EP_NONE; conn->endpoint_type = EP_NONE;
...@@ -4229,10 +4228,14 @@ static void open_local_endpoint(struct connection *conn, int skip_user) { ...@@ -4229,10 +4228,14 @@ static void open_local_endpoint(struct connection *conn, int skip_user) {
return; return;
} }
if (pxy != NULL && !strcmp(pxy, "yes") && if (strcmp(conn->mg_conn.request_method, "CONNECT") == 0 ||
(strcmp(conn->mg_conn.request_method, "CONNECT") == 0 || mg_strncasecmp(conn->mg_conn.uri, "http", 4) == 0) {
memcmp(conn->mg_conn.uri, "http", 4) == 0)) { const char *enp = conn->server->config_options[ENABLE_PROXY];
if (enp == NULL || strcmp(enp, "yes") != 0) {
send_http_error(conn, 405, NULL);
} else {
proxify_connection(conn); proxify_connection(conn);
}
return; return;
} }
...@@ -4286,7 +4289,7 @@ static int is_valid_uri(const char *uri) { ...@@ -4286,7 +4289,7 @@ static int is_valid_uri(const char *uri) {
unsigned short n; unsigned short n;
return uri[0] == '/' || return uri[0] == '/' ||
strcmp(uri, "*") == 0 || // OPTIONS method can use asterisk URI strcmp(uri, "*") == 0 || // OPTIONS method can use asterisk URI
memcmp(uri, "http", 4) == 0 || // Naive check for the absolute URI mg_strncasecmp(uri, "http", 4) == 0 || // Naive check for the absolute URI
sscanf(uri, "%*[^ :]:%hu", &n) > 0; // CONNECT method can use host:port sscanf(uri, "%*[^ :]:%hu", &n) > 0; // CONNECT method can use host:port
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment