-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] cannot deny transfer-encoding requests #6628
Comments
Interestingly, Go doesn't keep We have special handling for the |
@francislavoie Wouldn't it make sense to add the special handling for the |
Hm, maybe yeah. Lemme take a look. |
It should be here right? caddy/modules/caddyhttp/matchers.go Line 972 in a211c65
|
@steffenbusch It's tricky actually. I think right now we're logging with no copying of headers, but if we try to manipulate the request header list to log it then we do need to copy it to avoid the inserted header field from affecting anything else outside of logging. I think I can add it as a new field beside |
@shyim Simply matching by I'll retry to figure out how to buffer requests in this case. Might take a few day. |
@WeidiDeng If I understand correctly, php-fpm will read the content-length header. But if php-fpm hangs if there is no content-length header. This header is only missing if transfer chunked is used. Therefore, it should be enough to match Or would it be a better idea to match against a missing content-length header? |
@dallyger Yes, it's better to match against the missing |
Hey,
I am trying to block
Transfer-Encoding: chunked
requests. But this seems not possible right now in Caddy:I tried following:
I think the header
Transfer-Encoding
is missing in the available headers: as the logs does not mention it too:When i change the header to
X-Foo
everything worksThe text was updated successfully, but these errors were encountered: