Skip to content

mod_ssl: directly abort connection when receiving HTTP requests #524

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

mod_ssl: directly abort connection when receiving HTTP requests #524

wants to merge 1 commit into from

Conversation

@daum3ns
Copy link

@daum3ns daum3ns commented Mar 18, 2025

Shutdown the ssl filter and abort the connection instead of disabling is and pass a fake request to the core handler. The current implementation allows to exhaust workers by sendin HTTP request to HTTPS port. Additionally the Openssl lib doesn't detect the http methods PATCH, DELETE, OPTIONS and TRACE. So the current implementation only works partially. See openssl PR: openssl/openssl#26968

@daum3ns
mod_ssl: directly abort connection when receiving HTTP requests
f5e1dcc 
Shutdown the ssl filter and abort the connection instead of disabling
is and pass a fake request to the core handler. The current implementation
allows to exhaust workers by sendin HTTP request to HTTPS port. Additionally
the Openssl lib doesn't detect the http methods PATCH, DELETE, OPTIONS and TRACE.
So the current implementation only works partially.
See openssl PR: openssl/openssl#26968
@daum3ns
Copy link
Author

daum3ns commented Apr 3, 2025

@ylavic maybe you could have a look here?

@notroj
Copy link
Collaborator

notroj commented Apr 3, 2025

"current implementation allows to exhaust workers by sendin HTTP request to HTTPS port"

Can you explain exactly what you mean by that? Why is sending an HTTP response on the HTTPS port going to exhaust workers?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@daum3ns @notroj