From c96a493fb6ed39240720bb5e08bf3d2447ea8215 Mon Sep 17 00:00:00 2001 From: Juergen Kunz Date: Thu, 12 Mar 2026 22:41:20 +0000 Subject: [PATCH] fix(rustproxy-http): remove Host header from HTTP/2 upstream requests while preserving it for HTTP/1 retries --- changelog.md | 7 +++++++ rust/crates/rustproxy-http/src/proxy_service.rs | 15 ++++++++++++++- ts/00_commitinfo_data.ts | 2 +- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/changelog.md b/changelog.md index 9930a93..fbc57da 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,12 @@ # Changelog +## 2026-03-12 - 25.10.7 - fix(rustproxy-http) +remove Host header from HTTP/2 upstream requests while preserving it for HTTP/1 retries + +- strips the Host header before sending HTTP/2 upstream requests so :authority from the URI is used instead +- avoids 400 responses from nginx caused by sending both Host and :authority headers +- keeps a cloned header set for bodyless request retries so HTTP/1 fallback still retains the Host header + ## 2026-03-12 - 25.10.6 - fix(rustproxy-http) use the requested domain as HTTP/2 authority instead of the backend host and port diff --git a/rust/crates/rustproxy-http/src/proxy_service.rs b/rust/crates/rustproxy-http/src/proxy_service.rs index 5ec85f3..a4b95d5 100644 --- a/rust/crates/rustproxy-http/src/proxy_service.rs +++ b/rust/crates/rustproxy-http/src/proxy_service.rs @@ -1091,6 +1091,10 @@ impl HttpProxyService { .method(method) .uri(&h2_uri); + // Remove Host header for H2 — :authority pseudo-header (from URI) is sufficient + let mut upstream_headers = upstream_headers; + upstream_headers.remove("host"); + if let Some(headers) = upstream_req.headers_mut() { *headers = upstream_headers; } @@ -1131,7 +1135,7 @@ impl HttpProxyService { io: TokioIo, parts: hyper::http::request::Parts, body: Incoming, - upstream_headers: hyper::HeaderMap, + mut upstream_headers: hyper::HeaderMap, upstream_path: &str, upstream: &crate::upstream_selector::UpstreamSelection, route: &rustproxy_config::RouteConfig, @@ -1202,12 +1206,16 @@ impl HttpProxyService { }); // Save retry state before consuming parts/body (for bodyless requests like GET) + // Clone BEFORE removing Host — H1 fallback needs Host header let retry_state = if body.is_end_stream() { Some((parts.method.clone(), upstream_headers.clone())) } else { None }; + // Remove Host header for H2 — :authority pseudo-header (from URI) is sufficient + upstream_headers.remove("host"); + // Build and send the h2 request inline (don't register in pool yet — // we need to verify the request actually succeeds first, because some // backends advertise h2 via ALPN but don't speak the h2 binary protocol). @@ -1474,6 +1482,11 @@ impl HttpProxyService { .method(parts.method) .uri(&h2_uri); + // Remove Host header for H2 — :authority pseudo-header (from URI) is sufficient + // Having both Host and :authority causes nginx to return 400 + let mut upstream_headers = upstream_headers; + upstream_headers.remove("host"); + if let Some(headers) = upstream_req.headers_mut() { *headers = upstream_headers; } diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts index 60b9201..2fbc6c3 100644 --- a/ts/00_commitinfo_data.ts +++ b/ts/00_commitinfo_data.ts @@ -3,6 +3,6 @@ */ export const commitinfo = { name: '@push.rocks/smartproxy', - version: '25.10.6', + version: '25.10.7', description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.' }