Closed pale-emperor closed 2 years ago
Steps to reproduce
listen 443 proto=h2; access_log on;
server 127.0.0.1:8000; tls_certificate /tmp/tempesta/cert.pem; tls_certificate_key /tmp/tempesta/key.pem;
**result:**
wh1te@ubuntu:~$ curl -k https://127.0.0.1/ -o /dev/null -s -w "%{http_code}\n"
502
2. Adding frang_limits directive we turn tempesta into `Empty reply from server`
frang_limits { ip_block off; http_uri_len 10; }
Tempesta-fw says in dmesg:
[21514.715289] [tempesta fw] Warning: frang: Host header field contains IP address for 127.0.0.1 [21514.715634] [tempesta fw] Warning: parsed request has been filtered out: 127.0.0.1 [21514.715969] [tempesta fw] 127.0.0.1 "default" "GET / HTTP/2.0" 403 0 "-" "curl/7.68.0"
**result**
000 it doesn't matter if we set values
Probably can be fixed with just adding http_host_required false to the frang config
http_host_required false
Its really works, ty
Steps to reproduce
server 127.0.0.1:8000; tls_certificate /tmp/tempesta/cert.pem; tls_certificate_key /tmp/tempesta/key.pem;
wh1te@ubuntu:~$ curl -k https://127.0.0.1/ -o /dev/null -s -w "%{http_code}\n"
We got 502 (right error_code) cause no backend on 127.0.0.1:8000
502
frang_limits { ip_block off; http_uri_len 10; }
[21514.715289] [tempesta fw] Warning: frang: Host header field contains IP address for 127.0.0.1 [21514.715634] [tempesta fw] Warning: parsed request has been filtered out: 127.0.0.1 [21514.715969] [tempesta fw] 127.0.0.1 "default" "GET / HTTP/2.0" 403 0 "-" "curl/7.68.0"
wh1te@ubuntu:~$ curl -k https://127.0.0.1/ -o /dev/null -s -w "%{http_code}\n"
000 - Here is: (52) Empty reply from server