From 8065f92c0742522621fdfd144609e8075f921770 Mon Sep 17 00:00:00 2001
From: Kevin McConnell
Date: Wed, 11 Sep 2024 11:37:32 +0100
Subject: [PATCH] Reject requests over TLS if it has been disabled

If we were running TLS on a site and then disable it, any active connections that were made over TLS will still be valid until closed. This could be confusing if you disable TLS then refresh your browser and find that it's still working. Instead, we can reject the request with an error so that the change applies to active connections as well.
---
 internal/server/service.go | 5 +++++
 internal/server/service_test.go | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/internal/server/service.go b/internal/server/service.go
index f0e26dd..98e8e07 100644
--- a/internal/server/service.go
+++ b/internal/server/service.go
@@ -318,6 +318,11 @@ func (s *Service) serviceRequestWithTarget(w http.ResponseWriter, r *http.Reques
 return
 }
 
+ if !s.options.RequireTLS() && r.TLS != nil {
+ SetErrorResponse(w, r, http.StatusServiceUnavailable, nil)
+ return
+ }
+
 if s.handlePausedAndStoppedRequests(w, r) {
 return
 }
diff --git a/internal/server/service_test.go b/internal/server/service_test.go
index 9be89b7..0eb91ee 100644
--- a/internal/server/service_test.go
+++ b/internal/server/service_test.go
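Review bot: The new guard in serviceRequestWithTarget (internal/server/service.go) answers with 503 but leaves the already-negotiated TLS connection open, so a client that connected before TLS was disabled keeps a live encrypted keep-alive session to a service that is no longer meant to be served over TLS. Consider adding `w.Header().Set("Connection", "close")` before the `SetErrorResponse(...)` call so net/http closes the connection once the response is written; whether SetErrorResponse preserves that header is not visible in this hunk. The branch would also benefit from a comment such as `// TLS was disabled after this connection was established; refuse the request rather than keep serving over it.`, and presumably from a log entry, since these rejections are otherwise hard to tell apart from any other 503 the service may return. The function body starts and ends outside the hunk.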
@@ -42,6 +42,24 @@ func TestService_RedirectToHTTPWhenTLSRequired(t *testing.T) {
 require.Equal(t, http.StatusOK, w.Result().StatusCode)
 }
 
+func TestService_RejectTLSRequestsWhenNotConfigured(t *testing.T) {
+ service := testCreateService(t, defaultServiceOptions, defaultTargetOptions)
+
+ require.False(t, service.options.RequireTLS())
+
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/", nil)
+ w := httptest.NewRecorder()
+ service.ServeHTTP(w, req)
+
+ require.Equal(t, http.StatusOK, w.Result().StatusCode)
+
+ req = httptest.NewRequest(http.MethodGet, "https://example.com", nil)
+ w = httptest.NewRecorder()
+ service.ServeHTTP(w, req)
+
+ require.Equal(t, http.StatusServiceUnavailable, w.Result().StatusCode)
+}
+
 func TestService_ReturnSuccessfulHealthCheckWhilePausedOrStopped(t *testing.T) {
 service := testCreateService(t, defaultServiceOptions, defaultTargetOptions)
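Review bot: The second request in TestService_RejectTLSRequestsWhenNotConfigured only reaches the new guard because `httptest.NewRequest` fills `req.TLS` with a dummy value for `https` targets, and nothing in the test says so. A comment such as `// httptest.NewRequest sets req.TLS for https targets, which is the field the service checks` above the second `req = ...` line would make that dependency explicit. The test covers a service that never had TLS enabled; the case the commit message describes (TLS enabled, then disabled while a connection is still live) is not exercised here and may be worth a separate test if the options can be changed on a running service.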