Skip to content

Support http protocol versions besides 0.9, 1.0, 1.1, 2.0 #225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 26, 2022
Merged

Support http protocol versions besides 0.9, 1.0, 1.1, 2.0 #225

merged 2 commits into from
Apr 26, 2022

Conversation

martinhsv
Copy link
Contributor

This pull request was prompted by owasp-modsecurity/ModSecurity#2380.

Until this change, any HTTP protocol version other than 0.9, 1.0, 1.1, and 2.0 would actually result in the ModSecurity-nginx connector passing a value of "1.0" to ModSecurity's msc_process_uri function.

With this change, any characters following the five-character 'HTTP/' protocol prefix will get passed to ModSecurity, as long as nginx has successfully populated ngx_http_request_t->http_protocol.
@martinhsv martinhsv mentioned this pull request Oct 2, 2020
Closed
@flo-mic
Copy link

flo-mic commented May 26, 2021

Are there any updates on this? What is blocking this pull request?

Would like to see this merged to get http3 working. There is already a dedicated nginx branch for quic support but it can not be used as long as http3 is not supported by the ModScurity-nginx module.

See https://hg.nginx.org/nginx-quic
@martinhsv martinhsv merged commit 1c45440 into owasp-modsecurity:master Apr 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@martinhsv @flo-mic