search

loudapet / 42webserv

This project is about writing one's own HTTP server
2 stars 0 forks source link

Reject misdirected requests (421) #15

Closed loudapet closed 1 week ago

loudapet commented 1 month ago

RFC 9110 states:

For example, a request might have been misdirected, deliberately or accidentally, such that the information within a received Host header field differs from the connection's host or port. If the connection is from a trusted gateway, such inconsistency might be expected; otherwise, it might indicate an attempt to bypass security filters, trick the server into delivering non-public content, or poison a cache.

loudapet commented 1 month ago

Nginx doesn't care about port number in Host header field, but we should

loudapet commented 1 month ago

Blocked by merging at the moment, should be resolved once the server is merged with its parser

loudapet commented 1 week ago

selectServerRules to throw exception (421)