diff --git a/README b/README index 6a49eab..369e10b 100644 --- a/README +++ b/README @@ -18,7 +18,7 @@ Accept-Language, Accept-Charset, Max-Forwards, If-Match, If-None-Match, Last-Modified, Content-Length, Expires, Content-Language, Content-Encoding, Allow, Host, Accept, - Connection, Content-Range + Connection, Content-Range, User-Agent Report Bugs Create a ticket on the issue tracking interface of GitHub: diff --git a/ngx_http_header_inspect.c b/ngx_http_header_inspect.c index 283e193..7cb350c 100644 --- a/ngx_http_header_inspect.c +++ b/ngx_http_header_inspect.c @@ -39,6 +39,7 @@ static ngx_int_t ngx_header_inspect_accept_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value); static ngx_int_t ngx_header_inspect_connection_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value); static ngx_int_t ngx_header_inspect_contentrange_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value); +static ngx_int_t ngx_header_inspect_useragent_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value); static ngx_int_t ngx_header_inspect_ifrange_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value); static ngx_int_t ngx_header_inspect_date_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, char *header, ngx_str_t value); static ngx_int_t ngx_header_inspect_process_request(ngx_http_request_t *r); @@ -1434,6 +1435,114 @@ return rc; } +static ngx_int_t ngx_header_inspect_useragent_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value) { + ngx_uint_t i = 0; + u_char d; + ngx_int_t rc = NGX_OK; + enum useragent_header_states { UAS_START, UAS_PROD, UAS_SLASH, UAS_VER, UAS_SPACE, UAS_PAREN } state; + + + if ( value.len < 1 ) { + if ( conf->log ) { + ngx_log_error(NGX_LOG_ALERT, log, 0, "header_inspect: User-Agent header \"%s\" too short", value.data); + } + return NGX_ERROR; + } + + state = UAS_START; + for ( i = 0; i < value.len ; i++ ) { + d = value.data[i]; + if ( + ((d >= '0') && (d <= '9')) || + ((d >= 'a') && (d <= 'z')) || + ((d >= 'A') && (d <= 'Z')) || + (d == '-') || (d == '.') + ) { + switch ( state ) { + case UAS_START: + case UAS_SPACE: + state = UAS_PROD; + break; + case UAS_PROD: + case UAS_VER: + case UAS_PAREN: + break; + case UAS_SLASH: + state = UAS_VER; + break; + default: + rc = NGX_ERROR; + } + } else if ( d == '/' ) { + switch ( state ) { + case UAS_PROD: + state = UAS_SLASH; + break; + default: + rc = NGX_ERROR; + } + } else if ( d == ' ' ) { + switch ( state ) { + case UAS_VER: + state = UAS_SPACE; + break; + case UAS_SPACE: + case UAS_PAREN: + break; + default: + rc = NGX_ERROR; + } + } else if ( d == '(' ) { + switch ( state ) { + case UAS_SPACE: + state = UAS_PAREN; + break; + default: + rc = NGX_ERROR; + } + } else if ( d == ')' ) { + switch ( state ) { + case UAS_PAREN: + state = UAS_SPACE; + break; + default: + rc = NGX_ERROR; + } + } else if ( + (d == ',') || (d == ':') || (d == ';') || + (d == '+') || (d == '_') + ) { + switch ( state ) { + case UAS_PAREN: + break; + default: + rc = NGX_ERROR; + } + } else { + rc = NGX_ERROR; + } + if ( rc == NGX_ERROR ) { + if ( conf->log ) { + ngx_log_error(NGX_LOG_ALERT, log, 0, "header_inspect: illegal character at position %d in User-Agent header \"%s\"", i, value.data); + } + return NGX_ERROR; + } + } + switch ( state ) { + case UAS_SPACE: + case UAS_PROD: + case UAS_VER: + break; + default: + if ( conf->log ) { + ngx_log_error(NGX_LOG_ALERT, log, 0, "header_inspect: unexpected end of User-Agent header \"%s\"", value.data); + } + return NGX_ERROR; + } + + return NGX_OK; +} + static ngx_int_t ngx_header_inspect_contentrange_header(ngx_header_inspect_loc_conf_t *conf, ngx_log_t *log, ngx_str_t value) { ngx_uint_t i = 0; ngx_int_t rc = NGX_OK; @@ -1996,6 +2105,11 @@ if ((rc != NGX_OK) && conf->block) { return NGX_HTTP_BAD_REQUEST; } + } else if ((h[i].key.len == 10) && (ngx_strcmp("User-Agent", h[i].key.data) == 0) ) { + rc = ngx_header_inspect_useragent_header(conf, r->connection->log, h[i].value); + if ((rc != NGX_OK) && conf->block) { + return NGX_HTTP_BAD_REQUEST; + } } else { /* TODO: support for other headers */ if (conf->log_uninspected) {