httpd behaves incorrectly when using `server match` or `alias match` directives

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

httpd behaves incorrectly when using `server match` or `alias match` directives

Brian C
> Synopsis: httpd `server match` and `alias match` are broken.
> Category: system
> Environment:
        System      : OpenBSD 6.8
        Details     : OpenBSD 6.8 (GENERIC.MP) #5: Mon Feb 22 04:36:10 MST 2021
                         
[hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

        Architecture: OpenBSD.amd64
        Machine     : amd64
> Description:
        If using `server match` or `alias match` in `httpd.conf`, the first
`server` in an interface/port combo that uses a match entry will become
the "default" server for that interface/port combo. It doesn't seem to
simply be a `greedy` match situation -- because earlier-defined servers
don't get pulled in by the match -- only defaults and all subsequently
defined servers.
> How-To-Repeat:
Create `/etc/hosts` entries for hostnames `abc`, `def`, `ghi`, and
`jkl`.
Run `httpd` with this config. Note: to simplify this config, I
configured each host to return a different http status code for each
server. The same works for returned files, though (I originally
encountered this when I tried using a server match for the
second-to-last-defined server entry, and then noticed that the wrong
files were served from the last-defined server entry).
```
server "abc" {
   listen on * port 80
   block return 405
}
server "def" {
   # This will perform similarly when patterned as "^def$", "^def", etc.
Also, works the same if it's done as `server match` instead.
   # Commented out this line to run once how it "should" work; uncomment
the below to "break" it.
   #alias match "^$"
   listen on * port 80
   block return 406
}
server "ghi" {
   listen on * port 80
   block return 407
}
```

`curl http://abc` -- returns 405
`curl http://def` -- returns 406
`curl http://ghi` -- returns 407
`curl http://jkl` -- returns 405
--- the above works as expected ---

If you uncomment the `alias match` line above, and reload httpd, then:
`curl http://abc` -- returns 405
`curl http://def` -- returns 406
`curl http://ghi` -- returns 406
`curl http://jkl` -- returns 406


> Fix:
Stop using `server match` or `alias match` entries, and enumerate all
the individual entries.