tempesta icon indicating copy to clipboard operation
tempesta copied to clipboard

Published 20 hours ago verified publisher icon tempesta-tech

Wrong cached response with fake host

Open const-t opened this issue 2 years ago • 1 comments

Scope

There is a possibility to replace original http2 response by response with the same URI from another non http2 vhost. To achieve this need to send request with specific Host while cache is clear.

Testing

Can be reproduced by the next steps:

  1. Clear tempesta cache.
  2. curl -vk https://debian/file.html -H'Host: frontend'
  3. curl -vk https://debian/file.html

On third step file.html will be received from frontend vhost, instead of debian vhost.

Test config:

listen 443 proto=h2;
listen 80;

srv_group main {
    server 127.0.0.1:8080;
}

srv_group front {
    server 127.0.0.1:8081;
}

vhost debian {
    tls_certificate /etc/tempesta/tfw-root.crt;
    tls_certificate_key /etc/tempesta/tfw-root.key;

    proxy_pass main;
}

vhost frontend {
    proxy_pass front;
}

http_chain {
  host == "frontend" -> frontend;
  host == "debian" -> debian;
-> block;
}

cache_fulfill * *;

Also need to implement functional test for this issue.

const-t avatar Jul 29 '22 17:07 const-t

Linked issue #1630

krizhanovsky avatar Aug 10 '22 14:08 krizhanovsky

Fixed in #1862

dmpetroff avatar May 11 '23 15:05 dmpetroff