Project

General

Profile

Feature #551

lighttpd doesn't allow underscores in host names

Added by Anonymous about 11 years ago. Updated 11 months ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
Due date:
% Done:

100%

Missing in 1.5.x:

Description

If I try to visit mister_fab.infogami.com, lighttpd returns a 400 Bad Request error. How do I get it to stop?

-- me

Associated revisions

Revision b47494d4 (diff)
Added by gstrauss 11 months ago

[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)

server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"

defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.

For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.

To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"

x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281

To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"

x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330

To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)

x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016

History

#1 Updated by Anonymous about 11 years ago

Underscores are NOT valid in hostnames for A-Records (and MX btw.) and should not be accepted by the infogami registration. Although there actually is an rfc wich allows underscores (RFC1033), it is mostly regarded as a mistake and has Status "Unknown". Rfc1035 however is labeled "Standard" and does not allow them.

Since wildcard dns records are so popular these days, Jan might choose to allow more characters (his personal choice) but you're far better off avoiding underscores in hostnames.

-- bkw

#2 Updated by Anonymous about 11 years ago

RFC 1035 makes it clear that these are conventions (the title of the section is "Conventions"). And while I would tend to agree that infogami should enforce these recommendations, lighttpd certainly shouldn't, because it prevents applications that use domain names in a non-standard way from working

http://foo_bar.fred.theinfo.org/ (you can change the foo_bar bit) is a sort of silly example but I see no good reason why it shouldn't work. (And it does with Apache.)

-- aaronsw

#3 Updated by Anonymous about 11 years ago

OK, it's a convention, but then again, so is most of tcp/ip (or communication in general).

But Jon tought us to be liberal what we accept, so yes, I do agree with you.

btw http://foo_bar.fred.theinfo.org/ was an interesting read, had its lengths near the end though ;-)

-- bkw

#4 Updated by moo about 11 years ago

relative enhancement: #602

to break standard or not to, it's a problem

#5 Updated by gstrauss 11 months ago

  • Description updated (diff)
  • Status changed from New to Patch Pending
  • Assignee deleted (jan)
  • Target version set to 1.4.40

#6 Updated by gstrauss 11 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom