From aedbd134f83cb464864c03915137a08218ba106d Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Fri, 18 Aug 2023 23:29:18 +0200 Subject: [PATCH] Add option to rewrite "dirty" URLs --- config.json | 5 +++-- svr.js | 29 +++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/config.json b/config.json index 3fe6b7d..558cdb5 100644 --- a/config.json +++ b/config.json @@ -3,7 +3,7 @@ "port": 80, "pubport": 80, "page404": "404.html", - "timestamp": 1692388365140, + "timestamp": 1692394031580, "blacklist": [], "nonStandardCodes": [], "enableCompression": true, @@ -88,5 +88,6 @@ "disableNonEncryptedServer": false, "disableToHTTPSRedirect": false, "enableETag": true, - "disableUnusedWorkerTermination": false + "disableUnusedWorkerTermination": false, + "rewriteDirtyURLs": true } diff --git a/svr.js b/svr.js index dded571..ec8e9a6 100644 --- a/svr.js +++ b/svr.js @@ -993,6 +993,7 @@ var disableNonEncryptedServer = false; var disableToHTTPSRedirect = false; var nonStandardCodesRaw = []; var disableUnusedWorkerTermination = false; +var rewriteDirtyURLs = false; //Get properties from config.json if (configJSON.blacklist != undefined) rawBlackList = configJSON.blacklist; @@ -1018,6 +1019,7 @@ if (configJSON.sni != undefined) sni = configJSON.sni; if (configJSON.disableNonEncryptedServer != undefined) disableNonEncryptedServer = configJSON.disableNonEncryptedServer; if (configJSON.disableToHTTPSRedirect != undefined) disableToHTTPSRedirect = configJSON.disableToHTTPSRedirect; if (configJSON.disableUnusedWorkerTermination != undefined) disableUnusedWorkerTermination = configJSON.disableUnusedWorkerTermination; +if (configJSON.rewriteDirtyURLs != undefined) rewriteDirtyURLs = configJSON.rewriteDirtyURLs; if (configJSON.wwwroot != undefined) { var wwwroot = configJSON.wwwroot; if (cluster.isPrimary || cluster.isPrimary === undefined) process.chdir(wwwroot); @@ -4280,8 +4282,25 @@ if (!cluster.isPrimary) { sanitizedURL.slashes = null; sanitizedURL = url.format(sanitizedURL); serverconsole.resmessage("URL sanitized: " + req.url + " => " + sanitizedURL); - redirect(sanitizedURL, false); - return; + if(rewriteDirtyURLs) { + req.url = sanitizedURL; + uobject = parseURL(req.url); + search = uobject.search; + href = uobject.pathname; + ext = path.extname(href).toLowerCase(); + ext = ext.substr(1, ext.length); + try { + decodedHref = decodeURIComponent(href); + } catch (err) { + //Return 400 error + callServerError(400); + serverconsole.errmessage("Bad request!"); + return; + } + } else { + redirect(sanitizedURL, false); + return; + } } //URL REWRITING @@ -4329,6 +4348,11 @@ if (!cluster.isPrimary) { rewrittenAgainURL.path = null; rewrittenAgainURL.href = null; rewrittenAgainURL.pathname = sHref; + rewrittenAgainURL.hostname = null; + rewrittenAgainURL.host = null; + rewrittenAgainURL.port = null; + rewrittenAgainURL.protocol = null; + rewrittenAgainURL.slashes = null; rewrittenAgainURL = url.format(rewrittenAgainURL); serverconsole.resmessage("URL sanitized: " + req.url + " => " + rewrittenAgainURL); req.url = rewrittenAgainURL; @@ -5510,6 +5534,7 @@ function saveConfig() { if (configJSONobj.disableToHTTPSRedirect === undefined) configJSONobj.disableToHTTPSRedirect = false; if (configJSONobj.enableETag === undefined) configJSONobj.enableETag = true; if (configJSONobj.disableUnusedWorkerTermination === undefined) configJSONobj.disableUnusedWorkerTermination = false; + if (configJSONobj.rewriteDirtyURLs === undefined) configJSONobj.rewriteDirtyURLs = false; var configString = JSON.stringify(configJSONobj, null, 2); fs.writeFileSync(__dirname + "/config.json", configString);