From b6f1efd3b2a6ceae54010c7a08fffa15c1ae90a3 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Thu, 29 May 2008 22:19:17 +0000 Subject: [PATCH] * According to RFC 2616 8.2.3 we are not allowed to forward an Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return a HTTP_EXPECTATION_FAILED. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@661506 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/proxy/mod_proxy_http.c | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/CHANGES b/CHANGES index 85b06acb84..5971b2322e 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to + known HTTP/1.0 servers. Return 'Expectation failed' (417) instead. + [Ruediger Pluem] + *) core, authn/z: Determine registered authn/z providers directly in ap_setup_auth_internal(), which allows optional functions that just wrapped ap_list_provider_names() to be removed from authn/z modules. diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 582a4a8236..86c082fbe6 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -692,6 +692,14 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r, if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) { buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.0" CRLF, NULL); force10 = 1; + /* + * According to RFC 2616 8.2.3 we are not allowed to forward an + * Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return + * a HTTP_EXPECTATION_FAILED + */ + if (r->expecting_100) { + return HTTP_EXPECTATION_FAILED; + } p_conn->close++; } else { buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.1" CRLF, NULL); -- 2.40.0
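Review bot: The new `if (r->expecting_100)` branch in the mod_proxy_http.c hunk rejects the request without logging anything, so an operator who has set `force-proxy-request-1.0` and starts seeing 417 responses has no record of why. A line such as `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "proxy: Expect: 100-continue cannot be forwarded to an HTTP/1.0 backend");` before the return would make the rejection traceable. The check also runs after `apr_pstrcat()` has built the request line and `force10` has been set, work the early return throws away; placing it first in the `force-proxy-request-1.0` branch would show that nothing is prepared for the backend on this path. The return precedes `p_conn->close++`, so the backend connection is not marked for close on this path, which is presumably fine since nothing has been written to it, but the comment should say so. The body of ap_proxy_http_request starts and ends outside the hunk, so how the caller handles the 417 and any request body the client sends anyway is not visible here.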