Bug #1330
closed400 Bad Request when using IP's numeric value ("ip2long()")
Description
Other webservers allow you to access them via their numeric value:
octet1 << 24 OR octet2 << 16 OR octet3 << 8 OR octet4
(or with a calculator, octet1*256^3 + octet2*256^2 + octet3*256 + octet4)
Here's one of Google's IPs:
64.233.167.99
(64 * (256^3)) + (233 * (256^2)) + (167 * 256) + 99
1089054563
So if you use http://1089054563 --- you get to google.
If you try this with a server running lighttpd, you get "400 Bad Request" :)
This is an old trick to get by proxies. I doubt it works any more...but what good is it to get by a proxy if you're trying to reach a lighttpd hosted website!? :D
Great job on lighty, btw, excellent software!
-- Ben <ben_is_a
Updated by Anonymous over 16 years ago
Errr, this (#)&$ing wiki screwed up my formatting...I should've previewed first! Here are the relevant pieces:
(or with a calculator, octet1*256^3^ + octet2*256^2^ + octet3*256 + octet4)
64.233.167.99 (64 * (256^3^)) + (233 * (256^2^)) + (167 * 256) + 99 1089054563
-- Ben <ben_is_a
Updated by carpii almost 8 years ago
Not a valid bug (maybe it was at the time)
The octet address is decoded to an IP before the connection is even made to lighttpd
The HTTP Host header still specifies the octet hostname, but lighty treats this as an abritrary string anyway..
For my test IP of 192.168.1.79....
$HTTP["host"] == "3232235855" {
url.redirect = ( "^/(.*)" => "http://google.com" )
}
$ wget http://3232235855
--2016-05-03 00:06:09-- http://3232235855/
Resolving 3232235855... 192.168.1.79
Connecting to 3232235855|192.168.1.79|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://google.com [following]
Updated by gstrauss almost 8 years ago
- Description updated (diff)
There are a number of open issues related to the feature request of lighttpd parsing various formats of numerical strings in the Host header into an IP address that is then used for condition matching. request.c:request_check_hostname() is the place where many of these are rejected. I was thinking that a new config switch (or switches) might disable the strict checks here, and/or parse various numerical formats into IP strings.
Updated by gstrauss almost 8 years ago
- Status changed from New to Patch Pending
- Assignee deleted (
jan) - Target version set to 1.4.40
Updated by gstrauss almost 8 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset b47494d4cda6dc1a152f9033e4617897842c2f50.
Also available in: Atom