https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412007-05-31T00:46:25Zlighty labsLighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=28392007-05-31T00:46:25ZAnonymous
<ul></ul><p>Replying to <a class="wiki-page new" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Ticket1184">anonymous</a>:</p>
<blockquote>
<p>this is a very minor problem, which probably will not affect most people .... dont know also if it's allowed as a domain, but ping doesn't mind :)</p>
</blockquote>
<p>It does happen to be true that it isn't valid for a tld to begin with a number.</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=28402007-06-03T03:18:03Zmoo
<ul></ul><p>paste your config here inside</p>
<p>it would be nice if you make it simple yet reproducable before pasting here</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=28412008-10-05T13:15:38Zicy
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Fixed</i></li><li><strong>Resolution</strong> set to <i>invalid</i></li></ul><p>As the anonymous commenter already said: tlds in your format are invalid, change your hostnames :)</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=46102008-10-10T18:53:44Zstbuehler
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Invalid</i></li></ul> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=65382009-10-31T19:06:53Zrmxz
<ul><li><strong>Status</strong> changed from <i>Invalid</i> to <i>Reopened</i></li></ul><p>While it's technically true that there are no TLDs starting with numbers today, it is somewhat annoying. A fair number of companies use .companyname as a TLD for their intranets; and this makes lighttpd a poor fit for those that start with numbers.</p>
<p>If I were to submit a patch supporting TLDs that start with any alpha-numeric number for intranets like these, might this feature be reconsidered?</p>
<p>Conversely, lighttpd does support TLDs that end in numbers - though no such TLDs exist either. Should I submit a patch that rejects those?</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=65392009-11-01T00:20:50Znitrox
<ul><li><strong>Status</strong> changed from <i>Reopened</i> to <i>Invalid</i></li><li><strong>Missing in 1.5.x</strong> set to <i>No</i></li></ul><p>If lighty behaves like this, the next one screams lighty is not compliant. So where should this lead too? Just because sth. might be possible does not proof its the right thing to do. The "fix" is there -> use proper hostnames.</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=65402009-11-01T03:21:05Zrmxz
<ul></ul><p>So would you guys also want a patch to exclude TLDs that have digits after the first character?</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=65412009-11-01T13:37:36Zstbuehler
<ul><li><strong>Status</strong> changed from <i>Invalid</i> to <i>Reopened</i></li><li><strong>Target version</strong> deleted (<del><i>1.5.0</i></del>)</li></ul><p>I think we could discuss whether we should check the hostname at all for such characteristics - perhaps we could simplify the checks.</p>
So:
<ul>
<li>Which characters should be allowed? The rfc even allows escaped characters (rfc 2396) - should we unescape it before checking?<br /> I think the basic regex looks like <code>([a-zA-Z0-9_~.!$&'()*+,;=\-]|%[0-9a-fA-Z][0-9a-fA-Z])+</code><br /> I guess <code>[a-zA-Z0-9_.\-]+</code> should be enough, but perhaps there are good arguments for other characters.</li>
<li>Which substrings should be forbidden? ".." is a pretty obvious example imho, but are there more?</li>
</ul> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=65432009-11-03T00:02:50Zrmxz
<ul></ul><p>One more use-case that might be convenient if this check would be made more liberal, would be letting users access <a class="external" href="http://1st-web-server/">http://1st-web-server/</a> where '1st-web-server' is the hostname of a machine in the same domain that they're in. Currently it gives a 400 error too.</p>
<p>I'm not totally sure, but I think the relevant RFCs suggest <br />this "may" be allowed, by appending a domain name?</p>
<p>In this case, I think the relevant RFC is: <br /><a class="external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23">http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23</a><br />"Host request-header....(generally an HTTP URL as described in section 3.2.2)" <br /><a class="external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.2">http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.2</a><br />"... MAY add its domain to the host name it received. "</p> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=96432016-05-18T10:56:34Zgstrauss
<ul><li><strong>Status</strong> changed from <i>Reopened</i> to <i>Patch Pending</i></li><li><strong>Target version</strong> set to <i>1.4.40</i></li></ul> Lighttpd - Bug #1184: a numeric tldhttps://redmine.lighttpd.net/issues/1184?journal_id=96622016-05-23T05:40:05Zgstrauss
<ul><li><strong>Status</strong> changed from <i>Patch Pending</i> to <i>Fixed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #21..." href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/b47494d4cda6dc1a152f9033e4617897842c2f50">b47494d4cda6dc1a152f9033e4617897842c2f50</a>.</p>