Project

General

Profile

Bug #1016

header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error

Added by Anonymous about 10 years ago. Updated almost 9 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
mod_proxy_core
Target version:
Start date:
Due date:
% Done:

0%

Missing in 1.5.x:

Description

- error

- normal

------part of error.log-------
http_req.c.270: (trace) parsing failed ... (no error-msg)
http_resp.c.247: (trace) parsing failed ...
mod_proxy_core.c.1905: (trace) state: 5 (error)
connections.c.1201: (trace) (error) plugins_call_handle_send_request_content(): r = 5
------end---------------------

-- mixsture


Related issues

Related to Feature #602: Russian letters not alowed? Fixed

Associated revisions

Revision b47494d4 (diff)
Added by gstrauss 10 months ago

[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)

server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"

defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.

For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.

To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"

x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281

To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"

x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330

To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)

x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016

History

#1 Updated by jwmcglynn about 10 years ago

This bug is due to not allowing the ASCII 255 character in the request or response header, and is the same as #602.

#2 Updated by jwmcglynn almost 10 years ago

I think that ASCII 255 should be allowed. It is only a control character for telnet and FTP (which specifically allows some telnet control codes). The HTTP spec doesn't specifically disallow 255, but it also doesn't specifically allow other characters that are currently accepted.

#3 Updated by stbuehler almost 9 years ago

  • Status changed from New to Fixed
  • Resolution set to duplicate

#4 Updated by gstrauss 10 months ago

  • Related to Feature #602: Russian letters not alowed? added

Also available in: Atom