Armael/tricot
1
0
Fork 0
forked from Deuxfleurs/tricot
Code Pull requests Activity

Try to fix duplicate Host header issue

Browse source 
- disable http2 to backend connections even when using tls
- forbid hyper from adding a host header
This commit is contained in:
Alex 2022-01-25 17:01:39 +01:00
parent ea050c7045
commit b1ac01f53e
No known key found for this signature in database
GPG key ID: EDABF9711E244EB1
2 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/reverse_proxy.rs
View file

@ -22,7 +22,7 @@ pub const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
const HOP_HEADERS: &[HeaderName] = &[ const HOP_HEADERS: &[HeaderName] = &[
header::CONNECTION, header::CONNECTION,
//header::KEEP_ALIVE, // header::KEEP_ALIVE, // not found in http::header
header::PROXY_AUTHENTICATE, header::PROXY_AUTHENTICATE,
header::PROXY_AUTHORIZATION, header::PROXY_AUTHORIZATION,
header::TE, header::TE,
@ -69,7 +69,8 @@ fn create_proxied_request<B>(
) -> Result<Request<B>> { ) -> Result<Request<B>> {
let mut builder = Request::builder() let mut builder = Request::builder()
.method(request.method()) .method(request.method())
.uri(forward_uri(forward_url, &request)?); .uri(forward_uri(forward_url, &request)?)
.version(hyper::Version::HTTP_11);
*builder.headers_mut().unwrap() = remove_hop_headers(request.headers()); *builder.headers_mut().unwrap() = remove_hop_headers(request.headers());
@ -133,7 +134,7 @@ pub async fn call(
let mut connector = HttpConnector::new(); let mut connector = HttpConnector::new();
connector.set_connect_timeout(Some(PROXY_TIMEOUT)); connector.set_connect_timeout(Some(PROXY_TIMEOUT));
let client: Client<_, hyper::Body> = Client::builder().build(connector); let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
let response = client.request(proxied_request).await?; let response = client.request(proxied_request).await?;
@ -161,7 +162,7 @@ pub async fn call_https(
http_connector.set_connect_timeout(Some(PROXY_TIMEOUT)); http_connector.set_connect_timeout(Some(PROXY_TIMEOUT));
let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector); let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy", http_connector);
let client: Client<_, hyper::Body> = Client::builder().build(connector); let client: Client<_, hyper::Body> = Client::builder().set_host(false).build(connector);
let response = client.request(proxied_request).await?; let response = client.request(proxied_request).await?;
trace!("Inner response (HTTPS): {:?}", response); trace!("Inner response (HTTPS): {:?}", response);

5
src/tls_util.rs
View file

@ -21,7 +21,9 @@ pub struct HttpsConnectorFixedDnsname<T> {
tls_config: Arc<rustls::ClientConfig>, tls_config: Arc<rustls::ClientConfig>,
fixed_dnsname: &'static str, fixed_dnsname: &'static str,
} }
type BoxError = Box<dyn std::error::Error + Send + Sync>; type BoxError = Box<dyn std::error::Error + Send + Sync>;
impl HttpsConnectorFixedDnsname<HttpConnector> { impl HttpsConnectorFixedDnsname<HttpConnector> {
pub fn new( pub fn new(
mut tls_config: rustls::ClientConfig, mut tls_config: rustls::ClientConfig,
@ -29,7 +31,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
mut http: HttpConnector, mut http: HttpConnector,
) -> Self { ) -> Self {
http.enforce_http(false); http.enforce_http(false);
tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()]; tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
Self { Self {
http, http,
tls_config: Arc::new(tls_config), tls_config: Arc::new(tls_config),
@ -37,6 +39,7 @@ impl HttpsConnectorFixedDnsname<HttpConnector> {
} }
} }
} }
impl<T> Service<Uri> for HttpsConnectorFixedDnsname<T> impl<T> Service<Uri> for HttpsConnectorFixedDnsname<T>
where where
T: Service<Uri>, T: Service<Uri>,