commit | 12790af93730924f04993d25bd232a5ff6a58d76 | [log] [tgz] |
---|---|---|
author | Maxim Dounin <mdounin@mdounin.ru> | Mon Jun 28 18:01:04 2021 +0300 |
committer | Maxim Dounin <mdounin@mdounin.ru> | Mon Jun 28 18:01:04 2021 +0300 |
tree | 432fbcb511cea5b4f1583e365883af738f8c92d4 | |
parent | 2c6ab65301ba64872251b9bf9ea4ceec52a6aa2a [diff] |
Added CONNECT method rejection. No valid CONNECT requests are expected to appear within nginx, since it is not a forward proxy. Further, request line parsing will reject proper CONNECT requests anyway, since we don't allow authority-form of request-target. On the other hand, RFC 7230 specifies separate message length rules for CONNECT which we don't support, so make sure to always reject CONNECTs to avoid potential abuse.