carapaceproxy
carapaceproxy copied to clipboard
diennea
A Distributed Java Reverse Proxy
Replaces outdated #449, closes #409 - replaced mixed versions of `hamcrest-core` with latest version on `hamcrest` - many minor refactors and code cleanups, including adding more documentation to the code...
To leverage a better support to HTTP/2 by WireMock (i.e., the ability to choose whether to enable or disable it from configuration), we should upgrade to at least WireMock 3.5.1,...
When proxying a request, we currently copy all headers without modification: https://github.com/diennea/carapaceproxy/blob/3b1d47222b45a358688fa6a616e254ffe2d4e8dc/carapace-server/src/main/java/org/carapaceproxy/core/ProxyRequestsManager.java#L438 This approach causes problems when our server, configured with HTTP/1.1, receives a request from a client that supports...
I tried to run [Apache Maven Enforcer plugin](https://maven.apache.org/enforcer/index.html) against the project because I saw some minor inconsistencies over dependencies versions, and the server a mess! ``` ❯ mvn enforcer:enforce -Denforcer.rules=dependencyConvergence,banDuplicatePomDependencyVersions...
Following this checklist to help us incorporate your contribution quickly and easily: - [ ] Each commit in the pull request should have a meaningful subject line and body. -...
# Problem Release job for hotfix 2.0.1 acutally computed a version 2.1.0: https://github.com/diennea/carapaceproxy/actions/runs/10795758991 ```bash ./mvnw release:clean release:prepare release:perform \ -Dtag=v2.1.0 \ -DreleaseVersion=2.1.0 \ -DdevelopmentVersion=2.1.1-SNAPSHOT \ -Darguments='-DskipTests=true' ``` # Why it...
Yarn Classic line (1.x) entered maintenance mode in January 2020 and will eventually reach their end-of-life in terms of support. I think we should consider migrating to a newer version:...
# Problem Currently, we support HTTP/2 in a transparent manner: - if a client connects with Carapace in HTTP/1, we forward an HTTP/1 request to the backend - if a...
# Problem Apparently, a stack with a Tomcat 9.0.100 server behind a Carapace instance is vulnerable to HTTP request smuggling attacks through CL.0 vulnerability. # Goal We want to validate...
Even though the listener is configured for H2, it does not seem to accept HTTP/2 connections. Debugging suggests that the ALPN configuration might be missing. ``` curl -vvv -I --http2-prior-knowledge...
