mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-02-03 16:31:08 +01:00
8f4116ea65
This patch hardens the verification of the HTTP/1.x version line (i.e. the first line within an HTTP/1.x request) to verify that the protocol name within the version actually reads "HTTP". Previously protocols that superficially resembled the wire-format of HTTP/1.x and having a 4-letter acronym as the protocol name, such as RTSP would pass this check. This patch fixes GitHub issue #540, it must be backported to all supported versions. The legacy, non-HTX parser is affected as well, a fix must be created for it as well. Note that such protocols can still be used when option accept-invalid-http-request is set.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)