Project

General

Profile

Bug #2258

Bad Request

Added by luivm over 6 years ago. Updated over 6 years ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-09-15
Due date:
% Done:

100%

Missing in 1.5.x:
No

Description

Hi,
i have a problem with Lighttpd.
With this host header lighttpd return "400 Bad Request"

http://laclinique_adv.lnx.connexia.com/

If i don't use this character : "_" everithings works fine.

Here the host configuration :

$HTTP["host"] =~ "laclinique_adv.lnx.connexia.com" {
server.document-root = "/var/www/laclinique_adv"
}


Related issues

Related to Bug #2281: 400 Bad Request when using Numeric TLDs Duplicate 2010-12-22

Associated revisions

Revision b47494d4 (diff)
Added by gstrauss 11 months ago

[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)

server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"

defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.

For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.

To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"

x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281

To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"

x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330

To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)

x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016

History

#1 Updated by nitrox over 6 years ago

  • Status changed from New to Invalid

This is our bugtracker, not the support forum.

#2 Updated by icy over 6 years ago

As an explanation: _ is not allowed in hostnames.

#3 Updated by Olaf-van-der-Spek over 6 years ago

icy wrote:

As an explanation: _ is not allowed in hostnames.

Says who?

#4 Updated by nitrox over 6 years ago

The RFC says so (you´ll find the correct one yourself). Don´t mix valid hostnames with allowed DNS names.

#5 Updated by luivm over 6 years ago

  • % Done changed from 0 to 100

The RFC is 1123:
http://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names

Here the part we are interested on :
The Internet standards (Request for Comments) for protocols mandate that component hostname labels may contain only the ASCII letters 'a' through 'z' (in a case-insensitive manner), the digits '0' through '9', and the hyphen ('-'). The original specification of hostnames in RFC 952, mandated that labels could not start with a digit or with a hyphen, and must not end with a hyphen. However, a subsequent specification (RFC 1123) permitted hostname labels to start with digits. No other symbols, punctuation characters, or white space are permitted.

Thank you to everyone.

#6 Updated by Olaf-van-der-Spek over 6 years ago

nitrox wrote:

The RFC says so (you´ll find the correct one yourself). Don´t mix valid hostnames with allowed DNS names.

I can't find the requirement in RFC2616 to validate the host name.

#7 Updated by icy over 6 years ago

RFC2616

14.23 Host
   Host = "Host" ":" host [ ":" port ] ;

3.2.1 General Syntax
   RFC 2396 [42] (which replaces RFCs
   1738 [4] and RFC 1808 [11]). This specification adopts the
   definitions of "URI-reference", "absoluteURI", "relativeURI", "port",
   "host","abs_path", "rel_path", and "authority" from that
   specification.

RFC2396

3.2.2. Server-based Naming Authority

      host          = hostname | IPv4address
      hostname      = *( domainlabel "." ) toplabel [ "." ]
      domainlabel   = alphanum | alphanum *( alphanum | "-" ) alphanum
      toplabel      = alpha | alpha *( alphanum | "-" ) alphanum

This has been discussed many times already.

#8 Updated by Olaf-van-der-Spek over 6 years ago

icy wrote:

This has been discussed many times already.

AFAIK Lighttpd is a web server, not a protocol validator. ;)
Why does Lighttpd need to validate the host name against RFC2396?

#9 Updated by icy over 6 years ago

Because RFC2616 which is the HTTP/1.1 RFC says so, like I quoted above.

#10 Updated by luivm over 6 years ago

I agree with Olaf, lighttpd is a web server and is not a protocol validor.
Apache2 for example don't validate the rfc

#11 Updated by icy over 6 years ago

Can you guys give one good reason why there would be a need to allow underscores in hostnames and why you can't just use dashes instead?

#12 Updated by Olaf-van-der-Spek over 6 years ago

icy wrote:

Because RFC2616 which is the HTTP/1.1 RFC says so, like I quoted above.

Your quotes don't say that 400 should be returned if the request does not match the RFC.

Can you guys give one good reason why there would be a need to allow underscores in hostnames and why you can't just use dashes instead?

The underscore might've been used for ages, so changing it might not be an option due to existing links.

Also available in: Atom