HTTP proxy authentication fixes (#300)
- Only accepts HTTP 1.x protocols - Only checks the credentials when the method is `CONNECT` or the request URL is absolute - More logging on authorization failures - Removes the authorization headers before forwarding the HTTP(s) requests - Refers to #298
This commit is contained in:
Quentin McGaw
24
internal/httpproxy/accept.go
Normal file
24
internal/httpproxy/accept.go
Normal file
@@ -0,0 +1,24 @@
|
||||
package httpproxy
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func (h *handler) isAccepted(responseWriter http.ResponseWriter, request *http.Request) bool {
|
||||
// Not compatible with HTTP < 1.0 or HTTP >= 2.0 (see https://github.com/golang/go/issues/14797#issuecomment-196103814)
|
||||
const (
|
||||
minimalMajorVersion = 1
|
||||
minimalMinorVersion = 0
|
||||
maximumMajorVersion = 2
|
||||
maximumMinorVersion = 0
|
||||
)
|
||||
if !request.ProtoAtLeast(minimalMajorVersion, minimalMinorVersion) ||
|
||||
request.ProtoAtLeast(maximumMajorVersion, maximumMinorVersion) {
|
||||
message := fmt.Sprintf("http version not supported: %s", request.Proto)
|
||||
h.logger.Info("%s, from %s", message, request.RemoteAddr)
|
||||
http.Error(responseWriter, message, http.StatusBadRequest)
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
Reference in New Issue
Block a user