Project

General

Profile

Bug #946

URL encoding leads to "400 - Bad Request"

Added by Anonymous almost 11 years ago. Updated over 1 year ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

From: http://forum.lighttpd.net/topic/508

You can't browse to a ip specified in hexadecimal form with lighttpd.
http://0x51a99898/ - lighttpd.net - gives 400 - Bad Request
http://0x40e9a763/ - google.com - works fine

This also applies to partial/full hex/octal encoding.

Like the following links to google.
They had http:// infront of them but it marked this ticket as spam :(

0x40.0xe9.0xa7.0x63
0x40.233.0xa7.99
010072323543

Hope i did this right,

-Wouter

-- Wouter

Associated revisions

Revision b47494d4 (diff)
Added by gstrauss over 1 year ago

[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)

server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"

defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.

For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.

To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"

x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281

To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"

x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330

To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)

x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016

History

#1

Updated by Anonymous about 9 years ago

can confirm this is still the case in 1.5 rev 2140

#2

Updated by Anonymous about 9 years ago

stbuehler (IRC) took a look at this today, this seems to have fixed it (i myself have done min testing at this stage - very quick test on 1.5)

diff --git a/src/request.c b/src/request.c
index 4298873..4f83175 100644
--- a/src/request.c
++ b/src/request.c
@ -125,7 +125,7 @ static int request_check_hostname(server srv, connection *con, buffer *host) {
}
} else if (i == 0) {
/
the first character of the hostname */
- if (!light_isalpha(c)) {
if (!light_isalnum(c)) {
return -1;
}
label_len++;

#3

Updated by gstrauss over 1 year ago

  • Description updated (diff)

Issue at least partially addressed in the following. Not sure if fully addressed.

commit b87d3e804be04e79c1d3d8b5fc12dac06087dc7d
Author: Stefan B├╝hler <stbuehler@web.de>
Date:   Tue Jul 14 12:57:27 2009 +0000

    Allow digits in hostnames in more places (fixes #1148)

    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2586 152afb58-edef-0310-8abb-c4023f1b3aa9

#4

Updated by gstrauss over 1 year ago

  • Status changed from New to Patch Pending
  • Assignee deleted (jan)
  • Target version set to 1.4.40
#5

Updated by gstrauss over 1 year ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom