Changeset e7c2162


Timestamp:
Mar 10, 2018 4:56:59 PM (2 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
39039b8
Parents:
fe808a8
Message:

i2ptunnel: Strip server Date header
More efficient header checks
Jetty config tweaks

Files:
4 edited

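--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
@@ -67,11 +67,16 @@
     private static final String DEST64_HEADER = "X-I2P-DestB64";
     private static final String DEST32_HEADER = "X-I2P-DestB32";
-    private static final String[] CLIENT_SKIPHEADERS = {HASH_HEADER, DEST64_HEADER, DEST32_HEADER};
-    private static final String SERVER_HEADER = "Server";
-    private static final String X_POWERED_BY_HEADER = "X-Powered-By";
-    private static final String X_RUNTIME_HEADER = "X-Runtime"; // Rails
+    /** MUST ALL BE LOWER CASE */
+    private static final String[] CLIENT_SKIPHEADERS = {HASH_HEADER.toLowerCase(Locale.US),
+                                                        DEST64_HEADER.toLowerCase(Locale.US),
+                                                        DEST32_HEADER.toLowerCase(Locale.US)};
+    private static final String DATE_HEADER = "date";
+    private static final String SERVER_HEADER = "server";
+    private static final String X_POWERED_BY_HEADER = "x-powered-by";
+    private static final String X_RUNTIME_HEADER = "x-runtime"; // Rails
     // https://httpoxy.org
-    private static final String PROXY_HEADER = "Proxy";
-    private static final String[] SERVER_SKIPHEADERS = {SERVER_HEADER, X_POWERED_BY_HEADER, X_RUNTIME_HEADER, PROXY_HEADER};
+    private static final String PROXY_HEADER = "proxy";
+    /** MUST ALL BE LOWER CASE */
+    private static final String[] SERVER_SKIPHEADERS = {DATE_HEADER, SERVER_HEADER, X_POWERED_BY_HEADER, X_RUNTIME_HEADER, PROXY_HEADER};
     /** timeout for first request line */
     private static final long HEADER_TIMEOUT = 15*1000;
@@ -952,4 +957,5 @@
      *  @param in if null, use socket.getInputStream() as InputStream
      *  @param command out parameter, first line
+     *  @param skipHeaders MUST be lower case
      *  @throws SocketTimeoutException if timeout is reached before newline
      *  @throws EOFException if EOF is reached before newline
@@ -1040,5 +1046,5 @@
                 boolean skip = false;
                 for (String skipHeader: skipHeaders) {
-                    if (skipHeader.toLowerCase(Locale.US).equals(lcName)) {
+                    if (skipHeader.equals(lcName)) {
                         skip = true;
                         break;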
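Review bot: The lower-case requirement on `skipHeaders` is now carried only by comments: the loop compares each entry to `lcName` with a plain `equals`, so a mixed-case entry added later to `SERVER_SKIPHEADERS` or `CLIENT_SKIPHEADERS`, or passed by a caller outside this diff, will never match and the header is forwarded unstripped with no error. These lists exist to keep identifying response headers and client-supplied `X-I2P-Dest*` request headers from crossing the tunnel, so the failure is silent and in the unsafe direction. A one-time check at class initialisation would catch it, for example a static block that walks both arrays and throws `IllegalStateException` when `!h.equals(h.toLowerCase(Locale.US))`. The header constants also changed value (`"Server"` to `"server"` and so on), so any use of them outside the skip lists should be checked. The loop's enclosing method and the derivation of `lcName` lie outside the visible hunks.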
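--- a/installer/resources/eepsite/contexts/base-context.xml
+++ b/installer/resources/eepsite/contexts/base-context.xml
@@ -15,4 +15,9 @@
     <Arg>org.eclipse.jetty.servlet.Default.cacheControl</Arg>
     <Arg>max-age=3600,public</Arg>
+  </Call>
+  <!-- change to true to allow directory listings -->
+  <Call name="setInitParameter">
+    <Arg>org.eclipse.jetty.servlet.Default.dirAllowed</Arg>
+    <Arg>false</Arg>
   </Call>
   <Call name="setMimeTypes">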
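Review bot: The new `dirAllowed` default, like the `sendDateHeader` and `sendXPoweredBy` changes in jetty.xml and jetty-ssl.xml, lives in installer resource files, so it presumably reaches only fresh installs; an existing eepsite whose context file lacks the parameter would keep Jetty's DefaultServlet default, which permits directory listings. The tunnel-side stripping in I2PTunnelHTTPServer removes Date, Server and X-Powered-By regardless of the Jetty config, but nothing comparable covers listings. If updates do not rewrite these files, the release notes should tell operators to add the parameter by hand. The comment could also state what is exposed, e.g. `<!-- directory listings reveal every file under the docroot; change to true only if that is intended -->`.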
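--- a/installer/resources/eepsite/jetty-ssl.xml
+++ b/installer/resources/eepsite/jetty-ssl.xml
@@ -270,5 +270,6 @@
                     <New class="org.eclipse.jetty.server.HttpConfiguration">
                       <Set name="sendServerVersion">false</Set>
-                      <Set name="sendDateHeader">true</Set>
+                      <Set name="sendDateHeader">false</Set>
+                      <Set name="sendXPoweredBy">false</Set>
                     </New>
                   </Arg>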
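--- a/installer/resources/eepsite/jetty.xml
+++ b/installer/resources/eepsite/jetty.xml
@@ -118,5 +118,6 @@
                       <New class="org.eclipse.jetty.server.HttpConfiguration">
                         <Set name="sendServerVersion">false</Set>
-                        <Set name="sendDateHeader">true</Set>
+                        <Set name="sendDateHeader">false</Set>
+                        <Set name="sendXPoweredBy">false</Set>
                       </New>
                     </Arg>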