disable TRACE method

2024-12-01 11:19:00 +08:00 · 2007-03-30 18:59:26 +00:00 · 2007-03-30 18:59:26 +00:00 · 3e933d2919
commit 3e933d2919
parent 9b6548f4e4
3 changed files with 14 additions and 0 deletions
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@ -146,6 +146,12 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                        r->method = NGX_HTTP_MKCOL;
                    }

+                    if (m[0] == 'T' && m[1] == 'R'
+                        && m[2] == 'A' && m[3] == 'C' && m[4] == 'E')
+                    {
+                        r->method = NGX_HTTP_TRACE;
+                    }
+
                    break;

                case 6:
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@ -1267,6 +1267,13 @@ ngx_http_process_request_header(ngx_http_request_t *r)
        return NGX_ERROR;
    }

+    if (r->method & (NGX_HTTP_TRACE)) {
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent TRACE method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
    if (r->headers_in.transfer_encoding
        && ngx_strstr(r->headers_in.transfer_encoding->value.data, "chunked"))
    {
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@ -37,6 +37,7 @@
 #define NGX_HTTP_PROPPATCH                 0x0800
 #define NGX_HTTP_LOCK                      0x1000
 #define NGX_HTTP_UNLOCK                    0x2000
+#define NGX_HTTP_TRACE                     0x4000

 #define NGX_HTTP_CONNECTION_CLOSE          1
 #define NGX_HTTP_CONNECTION_KEEP_ALIVE     2