From 64ab7f61b00eccbb9616138da6f8efc7be586c7f Mon Sep 17 00:00:00 2001 From: Alexander Shorin Date: Thu, 13 Aug 2015 03:45:35 +0300 Subject: [PATCH] Backport validate host feature This includes: https://git-wip-us.apache.org/repos/asf?p=couchdb-couch.git;h=fcd24e73d6 https://git-wip-us.apache.org/repos/asf?p=couchdb-couch.git;h=a5232be86d COUCHDB-2752 --- src/couchdb/couch_httpd.erl | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index 3eb2e39909..3df38af207 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -31,6 +31,7 @@ -export([send_json/2,send_json/3,send_json/4,last_chunk/1,parse_multipart_request/3]). -export([accepted_encodings/1,handle_request_int/5,validate_referer/1,validate_ctype/2]). -export([http_1_0_keep_alive/2]). +-export([validate_host/1]). start_link() -> start_link(http). @@ -316,6 +317,7 @@ handle_request_int(MochiReq, DefaultFun, {ok, Resp} = try + validate_host(HttpReq), check_request_uri_length(RawUri), case couch_httpd_cors:is_preflight_request(HttpReq) of #httpd{} -> @@ -378,6 +380,34 @@ handle_request_int(MochiReq, DefaultFun, couch_stats_collector:increment({httpd, requests}), {ok, Resp}. +validate_host(#httpd{} = Req) -> + case couch_config:get("httpd", "validate_host", "false") of + "true" -> + Host = hostname(Req), + ValidHosts = valid_hosts(), + case lists:member(Host, ValidHosts) of + true -> + ok; + false -> + throw({bad_request, <<"Invalid host header">>}) + end; + _ -> + ok + end. + +hostname(#httpd{} = Req) -> + case header_value(Req, "Host") of + undefined -> + undefined; + Host -> + [Name | _] = re:split(Host, ":[0-9]+$", [{parts, 2}, {return, list}]), + Name + end. + +valid_hosts() -> + List = couch_config:get("httpd", "valid_hosts", ""), + re:split(List, ",", [{return, list}]). + check_request_uri_length(Uri) -> check_request_uri_length(Uri, couch_config:get("httpd", "max_uri_length")).