From 1a2a91325619e5056818f48c00244cf847c218d4 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 15 Dec 2023 14:45:40 +0900 Subject: [PATCH] fix disableoverridehost option --- CHANGELOG.md | 2 +- config-example.toml | 4 ++-- rpxy-bin/src/log.rs | 10 +++++----- rpxy-lib/src/backend/upstream_opts.rs | 4 ++-- rpxy-lib/src/forwarder/cache/cache_main.rs | 2 +- .../src/message_handler/handler_manipulate_messages.rs | 7 ++++--- rpxy-lib/src/message_handler/utils_headers.rs | 9 +++++---- rpxy-lib/src/proxy/proxy_h3.rs | 4 ++-- 8 files changed, 22 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3d55c1d..2a6deae9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ ## 0.7.0 (unreleased) - Breaking: `hyper`-1.0 for both server and client modules. -- Breaking: Remove `override_host` option in upstream options. Add a reverse option, i.e., `disable_override_host`. That is, `rpxy` always override the host header by the upstream hostname by default. +- Breaking: Remove `override_host` option in upstream options. Add a reverse option, i.e., `keep_original_host`. That is, `rpxy` always override the host header by the upstream hostname (backend uri host name) by default. If this reverse option specified, original `host` header is maintained or added from the value of url request line. - Breaking: Introduced `native-tls-backend` feature to use the native TLS engine to access backend applications. - Redesigned: Cache structure is totally redesigned with more memory-efficient way to read from cache file, and more secure way to strongly bind memory-objects with files with hash values. - Redesigned: HTTP body handling flow is also redesigned with more memory-and-time efficient techniques without putting the whole objects on memory by using `futures::stream::Stream` and `futures::channel::mpsc` diff --git a/config-example.toml b/config-example.toml index 458061c0..7460c35f 100644 --- a/config-example.toml +++ b/config-example.toml 
@@ -57,8 +57,8 @@ upstream = [ ] load_balance = "round_robin" # or "random" or "sticky" (sticky session) or "none" (fix to the first one, default) upstream_options = [ - "disable_override_host", # do not overwrite HOST value with upstream hostname (like 192.168.xx.x seen from rpxy) - "force_http2_upstream", # mutually exclusive with "force_http11_upstream" + "keep_original_host", # do not overwrite HOST value with upstream hostname (like 192.168.xx.x seen from rpxy) + "force_http2_upstream", # mutually exclusive with "force_http11_upstream" ] # Non-default destination in "localhost" app, which is routed by "path" diff --git a/rpxy-bin/src/log.rs b/rpxy-bin/src/log.rs index 978d6860..0ca3b995 100644 --- a/rpxy-bin/src/log.rs +++ b/rpxy-bin/src/log.rs @@ -14,11 +14,11 @@ pub fn init_logger() { // This limits the logger to emits only proxy crate let pkg_name = env!("CARGO_PKG_NAME").replace('-', "_"); - // let level_string = std::env::var(EnvFilter::DEFAULT_ENV).unwrap_or_else(|_| "info".to_string()); - // let filter_layer = EnvFilter::new(format!("{}={}", pkg_name, level_string)); - let filter_layer = EnvFilter::try_from_default_env() - .unwrap_or_else(|_| EnvFilter::new("info")) - .add_directive(format!("{}=trace", pkg_name).parse().unwrap()); + let level_string = std::env::var(EnvFilter::DEFAULT_ENV).unwrap_or_else(|_| "info".to_string()); + let filter_layer = EnvFilter::new(format!("{}={}", pkg_name, level_string)); + // let filter_layer = EnvFilter::try_from_default_env() + // .unwrap_or_else(|_| EnvFilter::new("info")) + // .add_directive(format!("{}=trace", pkg_name).parse().unwrap()); tracing_subscriber::registry() .with(format_layer) diff --git a/rpxy-lib/src/backend/upstream_opts.rs b/rpxy-lib/src/backend/upstream_opts.rs index f19acb4c..c4c3db58 100644 --- a/rpxy-lib/src/backend/upstream_opts.rs +++ b/rpxy-lib/src/backend/upstream_opts.rs 
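Review bot: In `rpxy-bin/src/log.rs`, the new `EnvFilter::new(format!("{}={}", pkg_name, level_string))` only works when the environment variable holds a bare level such as `debug`. A full directive such as `rpxy=debug,hyper=info` is spliced in after `pkg_name=`, and as far as I know `EnvFilter::new` ignores directives it cannot parse, so the process could start with far less logging than the operator asked for. Consider `EnvFilter::try_new(format!("{}={}", pkg_name, level_string)).unwrap_or_else(|_| EnvFilter::new(format!("{}=info", pkg_name)))` and a short comment saying that only a bare level is accepted. The three commented-out lines kept below it would be better deleted than left in place. The body of `init_logger` continues outside the hunk.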
@@ -2,7 +2,7 @@ use crate::error::*; #[derive(Debug, Clone, Hash, Eq, PartialEq)] pub enum UpstreamOption { - DisableOverrideHost, + KeepOriginalHost, UpgradeInsecureRequests, ForceHttp11Upstream, ForceHttp2Upstream, @@ -12,7 +12,7 @@ impl TryFrom<&str> for UpstreamOption { type Error = RpxyError; fn try_from(val: &str) -> RpxyResult { match val { - "diaable_override_host" => Ok(Self::DisableOverrideHost), + "keep_original_host" => Ok(Self::KeepOriginalHost), "upgrade_insecure_requests" => Ok(Self::UpgradeInsecureRequests), "force_http11_upstream" => Ok(Self::ForceHttp11Upstream), "force_http2_upstream" => Ok(Self::ForceHttp2Upstream), diff --git a/rpxy-lib/src/forwarder/cache/cache_main.rs b/rpxy-lib/src/forwarder/cache/cache_main.rs index f3fc4637..02aec937 100644 --- a/rpxy-lib/src/forwarder/cache/cache_main.rs +++ b/rpxy-lib/src/forwarder/cache/cache_main.rs @@ -135,7 +135,7 @@ impl RpxyCache { .map(|f| { if f.is_data() { let data_bytes = f.data_ref().unwrap().clone(); - debug!("cache data bytes of {} bytes", data_bytes.len()); + // debug!("cache data bytes of {} bytes", data_bytes.len()); // We do not use stream-type buffering since it needs to lock file during operation. buf.extend(data_bytes.as_ref()); } diff --git a/rpxy-lib/src/message_handler/handler_manipulate_messages.rs b/rpxy-lib/src/message_handler/handler_manipulate_messages.rs index 143b3e8a..529a17ad 100644 --- a/rpxy-lib/src/message_handler/handler_manipulate_messages.rs +++ b/rpxy-lib/src/message_handler/handler_manipulate_messages.rs 
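Review bot: Nothing visible in `rpxy-lib/src/backend/upstream_opts.rs` tests the string-to-variant mapping in `TryFrom<&str> for UpstreamOption`. The removed `"diaable_override_host"` arm shows how a misspelled key can leave an option unreachable from configuration without anyone noticing. A unit test with one assertion per accepted key would pin this, e.g. `assert!(matches!(UpstreamOption::try_from("keep_original_host"), Ok(UpstreamOption::KeepOriginalHost)));`. The fallthrough arm of the `match` is outside the hunk; it is worth confirming that it rejects unknown keys. Otherwise a configuration still using `disable_override_host` would load and silently get the default host override.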
@@ -85,14 +85,14 @@ where } }; - let uri = req.uri().to_string(); + let original_uri = req.uri().to_string(); let headers = req.headers_mut(); // delete headers specified in header.connection remove_connection_header(headers); // delete hop headers including header.connection remove_hop_header(headers); // X-Forwarded-For - add_forwarding_header(headers, client_addr, listen_addr, tls_enabled, &uri)?; + add_forwarding_header(headers, client_addr, listen_addr, tls_enabled, &original_uri)?; // Add te: trailer if te_trailer if contains_te_trailers { @@ -106,6 +106,7 @@ where .headers_mut() .insert(header::HOST, HeaderValue::from_str(&org_host)?); }; + let original_host_header = req.headers().get(header::HOST).unwrap().clone(); ///////////////////////////////////////////// // Fix unique upstream destination since there could be multiple ones. @@ -135,7 +136,7 @@ where // by default, host header is overwritten with upstream hostname override_host_header(headers, &upstream_chosen.uri)?; // apply upstream options to header - apply_upstream_options_to_header(headers, upstream_candidates)?; + apply_upstream_options_to_header(headers, &original_host_header, upstream_candidates)?; // update uri in request ensure!( diff --git a/rpxy-lib/src/message_handler/utils_headers.rs b/rpxy-lib/src/message_handler/utils_headers.rs index 32bc7f3f..df2d57b7 100644 --- a/rpxy-lib/src/message_handler/utils_headers.rs +++ b/rpxy-lib/src/message_handler/utils_headers.rs 
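Review bot: The added `let original_host_header = req.headers().get(header::HOST).unwrap().clone();` in `handler_manipulate_messages.rs` puts a panic path on client-supplied request data. It is only safe if the block just above always leaves a `Host` header in place, and that block's condition lies outside the hunk. Since the surrounding code already propagates errors with `?`, prefer `let original_host_header = req.headers().get(header::HOST).ok_or_else(|| anyhow!("host header missing in request"))?.clone();`, assuming `anyhow!` is in scope here as it is in `utils_headers.rs`. A malformed request then yields an error response instead of aborting the handler task. Also add a one-line comment that this value is captured before `override_host_header` runs, because `keep_original_host` depends on that ordering.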
@@ -105,17 +105,18 @@ pub(super) fn override_host_header(headers: &mut HeaderMap, upstream_base_uri: & /// Apply options to request header, which are specified in the configuration pub(super) fn apply_upstream_options_to_header( headers: &mut HeaderMap, + original_host_header: &HeaderValue, // _client_addr: &SocketAddr, upstream: &UpstreamCandidates, // _upstream_base_uri: &Uri, ) -> Result<()> { for opt in upstream.options.iter() { match opt { - UpstreamOption::DisableOverrideHost => { - // simply remove HOST header value + UpstreamOption::KeepOriginalHost => { + // revert hostname headers - .remove(header::HOST) - .ok_or_else(|| anyhow!("Failed to remove host header in disable_override_host option"))?; + .insert(header::HOST, original_host_header.to_owned()) + .ok_or_else(|| anyhow!("Failed to revert host header in keep_original_host option"))?; } UpstreamOption::UpgradeInsecureRequests => { // add upgrade-insecure-requests in request header if not exist diff --git a/rpxy-lib/src/proxy/proxy_h3.rs b/rpxy-lib/src/proxy/proxy_h3.rs index 02954300..7e02f323 100644 --- a/rpxy-lib/src/proxy/proxy_h3.rs +++ b/rpxy-lib/src/proxy/proxy_h3.rs @@ -168,11 +168,11 @@ where if frame.is_data() { let data = frame.into_data().unwrap_or_default(); - debug!("Write data to HTTP/3 stream"); + // debug!("Write data to HTTP/3 stream"); send_stream.send_data(data).await?; } else if frame.is_trailers() { let trailers = frame.into_trailers().unwrap_or_default(); - debug!("Write trailer to HTTP/3 stream"); + // debug!("Write trailer to HTTP/3 stream"); send_stream.send_trailers(trailers).await?; } }
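Review bot: In the `UpstreamOption::KeepOriginalHost` arm of `apply_upstream_options_to_header`, `headers.insert(header::HOST, ...)` returns the previous value, not a success indicator. The chained `.ok_or_else(|| anyhow!("Failed to revert host header ..."))?` therefore reports an error only when no `Host` was present before, and by then the insert has already happened. Dropping the check is clearer: `headers.insert(header::HOST, original_host_header.to_owned());`. The doc comment should also state that with this option the backend receives the client-supplied `Host` value unchanged, so backends that use it for routing, link generation or cache keys must validate it themselves. The function body continues outside the hunk.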