commit | 39faba79f254dac92668f4852db4ef67a8421658 | [log] [tgz] |
---|---|---|
author | Amaury Denoyelle <adenoyelle@haproxy.com> | Fri Aug 13 09:43:24 2021 +0200 |
committer | Willy Tarreau <w@1wt.eu> | Tue Aug 17 10:31:04 2021 +0200 |
tree | f021c581961bcdbd393e422793b82080ed788bec | |
parent | b4934f044706e35a61de2e29b9d2a3ae7ae09f77 [diff] |
REGTESTS: add a test to prevent h2 desync attacks This test ensure that h2 pseudo headers are properly checked for invalid characters and the host header is ignored if :authority is present. This is necessary to prevent h2 desync attacks as described here https://portswigger.net/research/http2 (cherry picked from commit 7ef244d73b073edf3d493ed826ca1b0233c330e0) Signed-off-by: Willy Tarreau <w@1wt.eu>