Lighttpd

is there a patch or some configure flag to allow scoped IPv6 adresses like [fe80::1%eth0] etc.?

no

I would really appreciate a git patch or a configure option to make it work.

I would really appreciate if you carefully studied http://catb.org/~esr/faqs/smart-questions.html

You have provided no justification, and you either do not know how to configure your firewall or you have at the very least failed to mention it here with a description why that is not a workable solution for you.

Your answers are always a pleasure to me ;).

I just wanted to allow scoped ipv6 addresses not return in a Bad Request from the lighttpd.
Why shall I change the firewall rules for that?

I just wanted to allow scoped ipv6 addresses not return in a Bad Request from the lighttpd.

That sentence is nonsensical to a native English speaker. It is poorly communicated and missing context.

I wrote:

I would really appreciate if you carefully studied http://catb.org/~esr/faqs/smart-questions.html

Based on your subsequent response, you have either not taken the time to read the link, or are lacking in self-awareness or intelligence to identify which parts apply to you.

I added a patch for 1.4.60 in my ptxdist if someone is also interested:

diff --git a/src/request.c b/src/request.c
index ed2e531..f865527 100755
--- a/src/request.c
+++ b/src/request.c
@@ -76,6 +76,34 @@ static int request_check_hostname(buffer * const host) {
         h += hlen;
     }
     else {  /* IPv6 address */
+    
+        /*PATCH for scoped ipv6*/
+        char *addr_end, *scope;
+        int scope_len = 0;
+        uint32_t host_len = 0;
+        addr_end = memchr(h, ']', buffer_clen(host));
+        if(!addr_end || (addr_end[1] != ':' && addr_end[1] != '\0')) {
+            /* malformed address (not "[xx]:nn" or "[xx]") */
+            return -1;
+        }
+        
+        /* remove scope identifier (rfc4007) from the host address */
+        scope = memchr(h, '%', buffer_clen(host));
+        if (scope) {
+            /* addr_end points to "]...", scope points to "%eth0]..." */
+            scope_len = addr_end - scope;
+
+            /* should not happen */
+            if (scope_len < 0)
+                return -1;
+
+            /* remove zone */
+            host_len = buffer_clen(host);
+            memmove(scope, addr_end, scope_len);
+            buffer_truncate(host, host_len - scope_len);
+        }
+        /*PATCH for scoped ipv6 end*/
+    
         /* check the address inside [...]; note: not fully validating */
         /* (note: not allowing scoped literals, e.g. %eth0 suffix) */
         ++h; /* step past '[' */

Topic can be closed!

I just wanted to allow scoped ipv6 addresses not return in a Bad Request from the lighttpd.
Why shall I change the firewall rules for that?

Apparently you expected me to read your mind?

Based on your patch, your request was specific to receiving an IPv6 literal in the Host header. Since I could not read your mind, I did not know if you were asking for support of scoped identifiers on IPv6 literal listening addresses, or elsewhere.

lighttpd (currently) recognizes IPv6 literals in networking listening config, in mod_extforward, and in request header normalization. mod_proxy and backend CGI environments might also propagate Host headers or equivalents. Host normalization is important for comparison with lighttpd config conditions $HTTP["host"], though that is relevant only to some lighttpd.conf, where used.

Your patch might not be necessary if you set "host-strict" => "disable" in lighttpd server.http-parseopts

Your patch adds two calls to memchr() to the critical path. The following (untested) patch adds only a check for '%' in the common case without zone index on scoped literal.

diff --git a/src/request.c b/src/request.c
index ed2e5310..65044751 100644
--- a/src/request.c
+++ b/src/request.c
@@ -77,10 +77,21 @@ static int request_check_hostname(buffer * const host) {
     }
     else {  /* IPv6 address */
         /* check the address inside [...]; note: not fully validating */
-        /* (note: not allowing scoped literals, e.g. %eth0 suffix) */
         ++h; /* step past '[' */
         int cnt = 0;
         while (light_isxdigit(*h) || *h == '.' || (*h == ':' && ++cnt < 8)) ++h;
+        if (*h == '%') {
+            /*(remove zone index, e.g. %eth0 suffix, from scoped literal)*/
+            for (const char *e = h+1; *e; ++e) {
+                if (*e == ']') {
+                    uint32_t hlen = (uint32_t)(h - host->ptr);
+                    uint32_t rest = buffer_clen(host) - (uint32_t)(e - host->ptr);
+                    memmove(host->ptr+hlen, e, rest);
+                    buffer_truncate(host, hlen+rest);
+                    break;
+                }
+            }
+        }
         /*(invalid char, too many ':', missing ']', or empty "[]")*/
         if (*h != ']' || h - host->ptr == 1) return -1;
         ++h; /* step past ']' */

Thanks, your patch also works as expected :)

What is sending an IPv6 literal with a zone index in the HTTP Host header (or equivalent), and why? Put another way, why is the zone index leaking into the Host header in the HTTP protocol (at the application layer, layer 7 in the OSI model)? Specifying a zone index might be used at a lower layer in the IP stack, but why is that relevant to the HTTP protocol? In short, I think the application producing an IPv6 literal with a zone index in the HTTP Host header (or equivalent) is the application that should be fixed.