Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Frang: http_host_required, no port in host header #1719

Open
ProshNad opened this issue Oct 13, 2022 · 2 comments · May be fixed by #1955
Open

Frang: http_host_required, no port in host header #1719

ProshNad opened this issue Oct 13, 2022 · 2 comments · May be fixed by #1955
Assignees
@const-t
Labels
bug security
Milestone
1.0 - GA

Comments

@ProshNad
Copy link

ProshNad commented Oct 13, 2022
edited by voodam
Loading

Motivation

all tests should work

Scope

Tests are run on the default port 80. This port is default for the service requested. Therefore, it does not need to be specified. But now, frang does not allow requests that do not specify a port, even if it is port 80.
Example:
now:
request fails due to limit:

GET http://tempesta-tech.com:80/ HTTP/1.1\r
Host: tempesta-tech.com\r
\r

Required: the request passes because port 80 is a port that doesn't have to be specified

Testing

t_frang.test_http_strict_host_checking.FrangHostRequiredTestCase.test_host_header_no_port_in_host - this test is currently disabled, but if enabled, it will pass. After this bug is fixed, you will need to transfer this case to the test_host_header_set_ok test in the same file.

Documentation

https://github.com/tempesta-tech/tempesta/wiki/HTTP-security#:~:text=http_host_required%20%5Btrue%7Cfalse%5D
@ProshNad ProshNad added the bug label Oct 13, 2022
@krizhanovsky krizhanovsky added security good to start Start form this tasks if you're new in Tempesta FW labels Oct 13, 2022
@RomanBelozerov
Copy link
Contributor

h2 and http1.1 has same problem with ipv6. This works correctly for ipv4. But if send request with host: [20:11:abb::1] header, we will receive response status - 400.

[ 5381.921614] [tempesta fw] Warning: Parser error: state=Req_HdrHostV input(-8)=0x22('
               Host: "[20:11:abb::1]"
               
               ') data_len=42 off=22
[ 5381.924167] [tempesta fw] Warning: failed to parse request: 127.0.0.1

Port is optional parameter

@const-t const-t mentioned this issue Nov 24, 2022
Merged
@krizhanovsky krizhanovsky modified the milestones: 0.7 - Beta, 1.0 - GA Jan 12, 2023
@krizhanovsky krizhanovsky modified the milestones: 1.0 - GA, 0.8 - Beta Apr 19, 2023
@voodam
Copy link
Contributor

voodam commented Jun 21, 2023
edited
Loading

This issue is blocked by #1870. See this piece of code:

tempesta/fw/http_limits.c

Line 705 in 6103de1

if (test_bit(TFW_HTTP_B_ABSOLUTE_URI, req->flags)) {

After completing #1870 we can fix the tests.

@krizhanovsky krizhanovsky removed the good to start Start form this tasks if you're new in Tempesta FW label Sep 5, 2023
@krizhanovsky krizhanovsky modified the milestones: 0.8 - Beta, 1.0 - GA Sep 5, 2023
@krizhanovsky krizhanovsky assigned const-t and unassigned voodam Dec 18, 2023
@const-t const-t linked a pull request Jun 18, 2024 that will close this issue
Rework HTTP message forwarning #1955
Open
@krizhanovsky krizhanovsky modified the milestones: 0.8 - Beta, 0.9 - LA Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@const-t const-t

Labels
bug security
Projects
None yet
Milestone
1.0 - GA
Development

Successfully merging a pull request may close this issue.

Rework HTTP message forwarning tempesta-tech/tempesta
5 participants
@krizhanovsky @const-t @ProshNad @voodam @RomanBelozerov