Bug #1330


400 Bad Request when using IP's numeric value ("ip2long()")

Added by Anonymous over 16 years ago. Updated almost 8 years ago.


Other webservers allow you to access them via their numeric value:

octet1 << 24 OR octet2 << 16 OR octet3 << 8 OR octet4
(or with a calculator, octet1*256^3 + octet2*256^2 + octet3*256 + octet4)

Here's one of Google's IPs:
(64 * (256^3)) + (233 * (256^2)) + (167 * 256) + 99

So if you use http://1089054563 --- you get to google.

If you try this with a server running lighttpd, you get "400 Bad Request" :)

This is an old trick to get by proxies. I doubt it works any more...but what good is it to get by a proxy if you're trying to reach a lighttpd hosted website!? :D

Great job on lighty, btw, excellent software!

-- Ben <ben_is_a

Actions #1

Updated by Anonymous over 16 years ago

Errr, this (#)&$ing wiki screwed up my formatting...I should've previewed first! Here are the relevant pieces:

(or with a calculator, octet1*256^3 + octet2*256^2 + octet3*256 + octet4)
(64 * (256^3)) + (233 * (256^2)) + (167 * 256) + 99
1089054563

-- Ben <ben_is_a

Actions #2

Updated by carpii almost 8 years ago

Not a valid bug (maybe it was at the time)

The octet address is decoded to an IP before the connection is even made to lighttpd
The HTTP Host header still specifies the octet hostname, but lighty treats this as an arbitrary string anyway.

For my test IP of

$HTTP["host"] == "3232235855" {
    url.redirect = ( "^/(.*)" => "" )
}

$ wget http://3232235855

--2016-05-03 00:06:09-- http://3232235855/
Resolving 3232235855...
Connecting to 3232235855||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: [following]

Actions #3

Updated by gstrauss almost 8 years ago

  • Description updated (diff)

There are a number of open issues related to the feature request of lighttpd parsing various formats of numerical strings in the Host header into an IP address that is then used for condition matching. request.c:request_check_hostname() is the place where many of these are rejected. I was thinking that a new config switch (or switches) might disable the strict checks here, and/or parse various numerical formats into IP strings.
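The arithmetic from the original report (octet1 << 24 | octet2 << 16 | octet3 << 8 | octet4, i.e. PHP's ip2long()) and the parsing gstrauss describes here (turning a numeric Host header into an IP string before condition matching) can be shown together in one small script. This is an added example and not code from the thread or from lighttpd; the function names (ip2long, long2ip, normalize_host, matches_condition) are my own, the host-header grammar is a deliberately strict approximation, and the choice to compare hosts without their port when matching is an assumption, not lighttpd's documented behaviour.

```python
import ipaddress
import re
from typing import Optional, Tuple


def ip2long(dotted: str) -> int:
    """Pack a dotted-quad IPv4 string into its 32-bit integer, like PHP's ip2long()."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {dotted!r}")
        value = (value << 8) | int(octet)   # octet1 << 24 | octet2 << 16 | ...
    return value


def long2ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form (PHP's long2ip())."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"{value} does not fit in 32 bits")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


# host[:port]; a bracketed IPv6 literal is the only place a colon may appear in the host part
_HOST_RE = re.compile(r"^(?P<host>\[[0-9A-Fa-f:.]+\]|[^:]+)(?::(?P<port>\d{1,5}))?$")
_DOTTED_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# strict hostname: letters, digits, '.', '-'; no leading/trailing '-' or '.' (assumption, not lighttpd's exact rule)
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


def normalize_host(host_header: str) -> Tuple[str, Optional[int]]:
    """Return (canonical_host, port) for a Host header value, or raise ValueError.

    A bare decimal integer that fits in 32 bits (the ip2long() form from the
    report) is rewritten to dotted-quad form; a dotted quad is range-checked and
    canonicalised; anything else must look like a hostname and is lower-cased.
    """
    m = _HOST_RE.match(host_header.strip())
    if not m:
        raise ValueError(f"malformed Host header: {host_header!r}")
    host, port = m.group("host"), m.group("port")
    port_num = int(port) if port is not None else None
    if port_num is not None and not 0 < port_num <= 65535:
        raise ValueError(f"bad port in Host header: {host_header!r}")

    if host.startswith("["):                      # bracketed IPv6 literal
        ipaddress.IPv6Address(host[1:-1])         # raises on garbage
        return host.lower(), port_num
    if host.isdigit():                            # numeric form, e.g. 3232235855
        return long2ip(int(host)), port_num
    if _DOTTED_RE.match(host):                    # dotted quad, validate each octet
        return long2ip(ip2long(host)), port_num
    if not _HOSTNAME_RE.match(host):              # the strict-check rejection path
        raise ValueError(f"rejecting Host header: {host_header!r}")
    return host.lower(), port_num


def matches_condition(host_header: str, configured_host: str) -> bool:
    """Would a $HTTP["host"] == configured_host condition match this request,
    if both sides were normalised first? Ports are ignored here (assumption)."""
    try:
        return normalize_host(host_header)[0] == normalize_host(configured_host)[0]
    except ValueError:
        return False


if __name__ == "__main__":
    # Values from the thread: Google's 64.233.167.99 and carpii's test address.
    print(ip2long("64.233.167.99"))          # 1089054563
    print(long2ip(3232235855))               # 192.168.1.79
    print(normalize_host("3232235855:8080")) # ('192.168.1.79', 8080)
    print(matches_condition("192.168.1.79", "3232235855"))  # True
```

The numeric branch is what the thread is asking for; the strict hostname branch is what request_check_hostname() does today for anything that is not a recognisable address. Keeping both paths explicit makes it easy to see which inputs a relaxed config switch would start accepting.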

Actions #4

Updated by gstrauss almost 8 years ago

  • Status changed from New to Patch Pending
  • Assignee deleted (jan)
  • Target version set to 1.4.40

Actions #5

Updated by gstrauss almost 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
