mirror of
https://github.com/nginx/nginx.git
synced 2024-12-11 09:49:02 +08:00
disable TRACE method
This commit is contained in:
parent
9b6548f4e4
commit
3e933d2919
@ -146,6 +146,12 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
|
|||||||
r->method = NGX_HTTP_MKCOL;
|
r->method = NGX_HTTP_MKCOL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (m[0] == 'T' && m[1] == 'R'
|
||||||
|
&& m[2] == 'A' && m[3] == 'C' && m[4] == 'E')
|
||||||
|
{
|
||||||
|
r->method = NGX_HTTP_TRACE;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 6:
|
case 6:
|
||||||
|
@ -1267,6 +1267,13 @@ ngx_http_process_request_header(ngx_http_request_t *r)
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (r->method & (NGX_HTTP_TRACE)) {
|
||||||
|
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
|
||||||
|
"client sent TRACE method");
|
||||||
|
ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
|
||||||
|
return NGX_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
if (r->headers_in.transfer_encoding
|
if (r->headers_in.transfer_encoding
|
||||||
&& ngx_strstr(r->headers_in.transfer_encoding->value.data, "chunked"))
|
&& ngx_strstr(r->headers_in.transfer_encoding->value.data, "chunked"))
|
||||||
{
|
{
|
||||||
|
@ -37,6 +37,7 @@
|
|||||||
#define NGX_HTTP_PROPPATCH 0x0800
|
#define NGX_HTTP_PROPPATCH 0x0800
|
||||||
#define NGX_HTTP_LOCK 0x1000
|
#define NGX_HTTP_LOCK 0x1000
|
||||||
#define NGX_HTTP_UNLOCK 0x2000
|
#define NGX_HTTP_UNLOCK 0x2000
|
||||||
|
#define NGX_HTTP_TRACE 0x4000
|
||||||
|
|
||||||
#define NGX_HTTP_CONNECTION_CLOSE 1
|
#define NGX_HTTP_CONNECTION_CLOSE 1
|
||||||
#define NGX_HTTP_CONNECTION_KEEP_ALIVE 2
|
#define NGX_HTTP_CONNECTION_KEEP_ALIVE 2
|
||||||
|
Loading…
Reference in New Issue
Block a user