[PATCH 03 of 12] Proxy: HTTP/0.9 responses now disabled by default

Maxim Dounin mdounin at mdounin.ru
Fri Aug 8 20:08:58 UTC 2025 

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1754683245 -10800
#      Fri Aug 08 23:00:45 2025 +0300
# Node ID 533246d275487cfbc51111e7ee05d0c014dd7d78
# Parent  2bdee8408a2305c96e4a8e6ada355228a1ac62bc
Proxy: HTTP/0.9 responses now disabled by default.

Compatibility with HTTP/0.9 is no longer essential nowadays.  Further,
it often causes confusion when a malformed HTTP/1.x response is interpreted
as a HTTP/0.9 response, or when proxying to a non-HTTP server appears to
work and return something.

As such, compatibility with HTTP/0.9 responses in the proxy module is
now disabled by default.  The "proxy_allow_http09" directive makes it
possible to re-enable it if needed in the particular setup.

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -111,6 +111,7 @@ typedef struct {
     ngx_http_proxy_vars_t          vars;
 
     ngx_flag_t                     redirect;
+    ngx_flag_t                     http09;
 
     ngx_uint_t                     http_version;
 
@@ -686,6 +687,13 @@ static ngx_command_t  ngx_http_proxy_com
       offsetof(ngx_http_proxy_loc_conf_t, http_version),
       &ngx_http_proxy_http_version },
 
+    { ngx_string("proxy_allow_http09"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_proxy_loc_conf_t, http09),
+      NULL },
+
 #if (NGX_HTTP_SSL)
 
     { ngx_string("proxy_ssl_session_reuse"),
@@ -1805,10 +1813,11 @@ out:
 static ngx_int_t
 ngx_http_proxy_process_status_line(ngx_http_request_t *r)
 {
-    size_t                 len;
-    ngx_int_t              rc;
-    ngx_http_upstream_t   *u;
-    ngx_http_proxy_ctx_t  *ctx;
+    size_t                      len;
+    ngx_int_t                   rc;
+    ngx_http_upstream_t        *u;
+    ngx_http_proxy_ctx_t       *ctx;
+    ngx_http_proxy_loc_conf_t  *plcf;
 
     ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
 
@@ -1829,6 +1838,14 @@ ngx_http_proxy_process_status_line(ngx_h
         ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                        "http proxy no HTTP/1.0 header");
 
+        plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
+
+        if (!plcf->http09) {
+            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                          "upstream sent no valid HTTP/1.0 header");
+            return NGX_HTTP_UPSTREAM_INVALID_HEADER;
+        }
+
         u->headers_in.status_n = 200;
         u->headers_in.connection_close = 1;
 
@@ -3414,6 +3431,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_
     conf->method = NGX_CONF_UNSET_PTR;
 
     conf->redirect = NGX_CONF_UNSET;
+    conf->http09 = NGX_CONF_UNSET;
 
     conf->cookie_domains = NGX_CONF_UNSET_PTR;
     conf->cookie_paths = NGX_CONF_UNSET_PTR;
@@ -3764,6 +3782,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t
     ngx_conf_merge_ptr_value(conf->method, prev->method, NULL);
 
     ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
+    ngx_conf_merge_value(conf->http09, prev->http09, 0);
 
     if (conf->redirect) {

More information about the nginx-devel mailing list