Changes between Version 1 and Version 2 of Ticket #2396
- Timestamp: 10/01/22 13:00:51 (2 years ago)
Ticket #2396 – Description
v1 v2 5 5 We have a configuration that use $uri and with the config below, we can trick nginx and change request body: 6 6 7 7 {{{ 8 8 server { 9 9 listen 127.0.0.1:80; … … 26 26 return 418; 27 27 } 28 }}} 28 29 30 {{{ 29 31 curl -v 'http://localhost/toto' => < HTTP/1.1 200 OK 30 32 … … 42 44 < Connection: keep-alive 43 45 < 44 * Connection #0 to host localhost left intact 46 }}} 45 47 46 48 The attached patch tries to mimic fix on the commit 0b66bd4be777a5b79c5ae0e7dff89fc6429da0fe. 47 49 50 {{{ 48 51 Same crafted curl gives me now: 49 52 < HTTP/1.1 400 Bad Request 50 53 < Server: nginx/1.21.6 54 }}} 51 55 52 56 What do you think ?
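Review bot: the "{{{" added at v2 line 50 opens the block one line too early, so the sentence "Same crafted curl gives me now:" (v2 line 51) is rendered as preformatted output along with the response headers. Move the "{{{" below that sentence so that only the "< HTTP/1.1 400 Bad Request" and "< Server: nginx/1.21.6" lines sit inside the block. Separately, the "}}}" at v2 line 46 replaces v1 line 44 ("* Connection #0 to host localhost left intact") instead of following it, which drops that line of curl output; if that was not intended, keep the line and close the block after it.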