Project

General

Profile

Bug #2143

Numeric tld's

Added by khemael almost 8 years ago. Updated over 1 year ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2009-12-31
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

Hi. It seems that lighttpd won't handle numeric tlds. Tried with bot numeric+alpha eand pure numeric tlds.

Yes, numeric tlds aren't part of actual ICANN's TLD's, but anyway, as of ICANN'S applicant book (Draft V3 of october 2009), numeric and pure numeric TLD's are not a problem. Pure numeric tlds should however append a non-numeric subdomain in their tld policies if the tld is somewhat between 0-255.
Also, it seems that numerous of numeric and alphanumeric TLD's are in approach for 2010 ICANN gTLD's evaluation. Oh, and we just can't use lighttpd in our company due to these restriction. Sticking with Apache here.


khemael@alpha:~$ dig -t A nsd.geeks.42 +short
88.181.160.249
khemael@alpha:~$ telnet nsd.geeks.42 80
Trying 88.181.160.249...
Connected to nsd.geeks.42.
Escape character is '^]'.
GET / HTTP/1.1
host : www.khemael.net

HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Thu, 31 Dec 2009 23:14:31 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 - Bad Request</title>
 </head>
 <body>
  <h1>400 - Bad Request</h1>
 </body>
</html>
Connection closed by foreign host.
khemael@alpha:~$ telnet nsd.geeks.42 80
Trying 88.181.160.249...
Connected to nsd.geeks.42.
Escape character is '^]'.
GET / HTTP/1.1
host : nsd.geeks.42

HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Thu, 31 Dec 2009 23:14:49 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 - Bad Request</title>
 </head>
 <body>
  <h1>400 - Bad Request</h1>
 </body>
</html>
Connection closed by foreign host.

patch-src-request.c (1.18 KB) patch-src-request.c majinboo, 2010-12-28 15:44

Related issues

Has duplicate Bug #2281: 400 Bad Request when using Numeric TLDsDuplicate2010-12-22

Associated revisions

Revision b47494d4 (diff)
Added by gstrauss over 1 year ago

[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)

server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"

defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.

For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.

To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"

x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281

To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"

x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330

To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)

x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016

History

#1

Updated by khemael almost 8 years ago

Excuse the wrong GET requests. Here is a relevant example :

root@alpha:/home/khemael$ telnet 192.168.0.10 80
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
GET / HTTP/1.1
host: nsd.geeks.42

HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Fri, 01 Jan 2010 12:38:40 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 - Bad Request</title>
 </head>
 <body>
  <h1>400 - Bad Request</h1>
 </body>
</html>
Connection closed by foreign host.
root@alpha:/home/khemael$ telnet 192.168.0.10 80
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
GET / HTTP/1.1
host: www.khemael.net

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Accept-Ranges: bytes
ETag: "155230805" 
Last-Modified: Tue, 29 Dec 2009 19:50:51 GMT
Content-Length: 806
Date: Fri, 01 Jan 2010 12:39:11 GMT
Server: lighttpd/1.4.19

<html><body><center><h1>Khemael.net</h1> <br><br> <A
href="http://mail.khemael.net">Webmail</A>  -  <A
href="http://mail.ipv6.khemael.net">IPv6-Webmail</A><br>-<br> <A
href="http://ipv6.khemael.net/">Khemael.net IPv6 publics list</A> <br>-<br> <A       
href="http://code.khemael.net/">Code.khemael.net Svn Repository</A>  -  <A
href="http://code.ipv6.khemael.net/">IPv6-Code.khemael.net Svn Repository</A>
<br>-<br> khemael[at]khemael.net - You may write here<br><br><i>.:: This page is reachable through IPv6 ::.</i><br><br><img src="http://ipv6.he.net/certification/create_badge.php?pass_name=khemael&badge=3" width=229 height=137 border=0 alt="IPv6 Certification Badge for khemael"></img><br><br><script type="text/javascript" src="http://ipv6.he.net/v4ex/sidebar.js"></script></center></body></html>

Connection closed by foreign host.

#2

Updated by Olaf-van-der-Spek almost 7 years ago

  • Target version set to 1.4.29

What is the reason Lighttpd checks the TLD?

#3

Updated by nitrox almost 7 years ago

Because its rfc-compliant, you´d be the first whining if not.

#4

Updated by Olaf-van-der-Spek almost 7 years ago

Does the HTTP RFC require you to return a HTTP error if the hostname doesn't follow RFC rules?

#5

Updated by majinboo almost 7 years ago

After a quick read, HTTP RFC does not seem to require this check.

Disabling the check is pretty simple (see quick'n'dirty attached patch), more interesting solution could be to modify the logic of the check in order to not detect a host with numeric TLD as an IP address

#6

Updated by stbuehler over 6 years ago

  • Target version changed from 1.4.29 to 1.4.x

I someone provides a sane patch to use a less restrict check for hostnames given that a new config option is set, i will apply it.
apart from that i think numeric dns labels are just wrong (especially numeric tlds).

btw: the http rfc links to other rfcs.

#7

Updated by gstrauss over 1 year ago

  • Category set to core
#8

Updated by gstrauss over 1 year ago

  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.40
#9

Updated by gstrauss over 1 year ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom