New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop requests with unknown host headers #42

Open

danielcompton opened this issue Jan 30, 2018 · 1 comment

Member

danielcompton commented Jan 30, 2018

We had a report that Clojars responds to unknown host headers. We should drop requests that don't match headers that we expect: https://stackoverflow.com/a/28591245/826486

Member Author

danielcompton commented Jul 3, 2018

  # If the host isn't for Clojars then reject it.
  # If we return 444 then the connection is immediately closed.
  # This shows up as a 502 error on the load balancer which
  # is probably not ideal. Instead we return 418 (I'm a Teapot).
  if ($host !~* ^(repo|app)\.clojars\.org$ ) {
    return 418;
  }

I have something similar to this for Deps, we just need to tweak the regex, probably to just .*.clojars.org.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment