Project

General

Profile

Actions

Bug #1330

closed

400 Bad Request when using IP's numeric value ("ip2long()")

Added by Anonymous over 17 years ago. Updated over 8 years ago.

Status:
Fixed
Priority:
Low
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

Other webservers allow you to access them via their numeric value:

octet1 << 24 OR octet2 << 16 OR octet3 << 8 OR octet4
(or with a calculator, octet1*256^3 + octet2*256^2 + octet3*256 + octet4)

Here's one of Google's IPs:

64.233.167.99
(64 * (256^3)) + (233 * (256^2)) + (167 * 256) + 99
1089054563

So if you use http://1089054563 --- you get to google.

If you try this with a server running lighttpd, you get "400 Bad Request" :)

This is an old trick to get by proxies. I doubt it works any more...but what good is it to get by a proxy if you're trying to reach a lighttpd hosted website!? :D

Great job on lighty, btw, excellent software!

-- Ben <ben_is_a

Actions #1

Updated by Anonymous over 17 years ago

Errr, this (#)&$ing wiki screwed up my formatting...I should've previewed first! Here are the relevant pieces:

(or with a calculator, octet1*256^3^ + octet2*256^2^ + octet3*256 + octet4)

64.233.167.99 (64 * (256^3^)) + (233 * (256^2^)) + (167 * 256) + 99 1089054563

-- Ben <ben_is_a

Actions #2

Updated by carpii over 8 years ago

Not a valid bug (maybe it was at the time)

The octet address is decoded to an IP before the connection is even made to lighttpd
The HTTP Host header still specifies the octet hostname, but lighty treats this as an abritrary string anyway..

For my test IP of 192.168.1.79....

$HTTP["host"] == "3232235855" {
url.redirect = ( "^/(.*)" => "http://google.com" )
}

$ wget http://3232235855

--2016-05-03 00:06:09-- http://3232235855/
Resolving 3232235855... 192.168.1.79
Connecting to 3232235855|192.168.1.79|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://google.com [following]

Actions #3

Updated by gstrauss over 8 years ago

  • Description updated (diff)

There are a number of open issues related to the feature request of lighttpd parsing various formats of numerical strings in the Host header into an IP address that is then used for condition matching. request.c:request_check_hostname() is the place where many of these are rejected. I was thinking that a new config switch (or switches) might disable the strict checks here, and/or parse various numerical formats into IP strings.

Actions #4

Updated by gstrauss over 8 years ago

  • Status changed from New to Patch Pending
  • Assignee deleted (jan)
  • Target version set to 1.4.40
Actions #5

Updated by gstrauss over 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions

Also available in: Atom