Bug #2143
closed
Added by khemael about 15 years ago.
Updated almost 9 years ago.
Description
Hi. It seems that lighttpd won't handle numeric TLDs. Tried with both numeric+alpha and pure numeric TLDs.
Yes, numeric TLDs aren't part of ICANN's actual TLDs, but anyway, as of ICANN's applicant book (Draft V3 of October 2009), numeric and pure numeric TLDs are not a problem. Pure numeric TLDs should however append a non-numeric subdomain in their TLD policies if the TLD is somewhere between 0-255.
Also, it seems that numerous numeric and alphanumeric TLDs are in approach for ICANN's 2010 gTLD evaluation. Oh, and we just can't use lighttpd in our company due to this restriction. Sticking with Apache here.
khemael@alpha:~$ dig -t A nsd.geeks.42 +short
88.181.160.249
khemael@alpha:~$ telnet nsd.geeks.42 80
Trying 88.181.160.249...
Connected to nsd.geeks.42.
Escape character is '^]'.
GET / HTTP/1.1
host : www.khemael.net
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Thu, 31 Dec 2009 23:14:31 GMT
Server: lighttpd/1.4.19
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>400 - Bad Request</title>
</head>
<body>
<h1>400 - Bad Request</h1>
</body>
</html>
Connection closed by foreign host.
khemael@alpha:~$ telnet nsd.geeks.42 80
Trying 88.181.160.249...
Connected to nsd.geeks.42.
Escape character is '^]'.
GET / HTTP/1.1
host : nsd.geeks.42
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Thu, 31 Dec 2009 23:14:49 GMT
Server: lighttpd/1.4.19
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>400 - Bad Request</title>
</head>
<body>
<h1>400 - Bad Request</h1>
</body>
</html>
Connection closed by foreign host.
Excuse the wrong GET requests. Here is a relevant example:
root@alpha:/home/khemael$ telnet 192.168.0.10 80
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
GET / HTTP/1.1
host: nsd.geeks.42
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Fri, 01 Jan 2010 12:38:40 GMT
Server: lighttpd/1.4.19
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>400 - Bad Request</title>
</head>
<body>
<h1>400 - Bad Request</h1>
</body>
</html>
Connection closed by foreign host.
root@alpha:/home/khemael$ telnet 192.168.0.10 80
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
GET / HTTP/1.1
host: www.khemael.net
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Accept-Ranges: bytes
ETag: "155230805"
Last-Modified: Tue, 29 Dec 2009 19:50:51 GMT
Content-Length: 806
Date: Fri, 01 Jan 2010 12:39:11 GMT
Server: lighttpd/1.4.19
<html><body><center><h1>Khemael.net</h1> <br><br> <A
href="http://mail.khemael.net">Webmail</A> - <A
href="http://mail.ipv6.khemael.net">IPv6-Webmail</A><br>-<br> <A
href="http://ipv6.khemael.net/">Khemael.net IPv6 publics list</A> <br>-<br> <A
href="http://code.khemael.net/">Code.khemael.net Svn Repository</A> - <A
href="http://code.ipv6.khemael.net/">IPv6-Code.khemael.net Svn Repository</A>
<br>-<br> khemael[at]khemael.net - You may write here<br><br><i>.:: This page is reachable through IPv6 ::.</i><br><br><img src="http://ipv6.he.net/certification/create_badge.php?pass_name=khemael&badge=3" width=229 height=137 border=0 alt="IPv6 Certification Badge for khemael"></img><br><br><script type="text/javascript" src="http://ipv6.he.net/v4ex/sidebar.js"></script></center></body></html>
Connection closed by foreign host.
- Target version set to 1.4.29
What is the reason Lighttpd checks the TLD?
Because it's RFC-compliant, you'd be the first whining if not.
Does the HTTP RFC require you to return an HTTP error if the hostname doesn't follow RFC rules?
After a quick read, HTTP RFC does not seem to require this check.
Disabling the check is pretty simple (see the quick'n'dirty attached patch); a more interesting solution could be to modify the logic of the check so that it does not detect a host with a numeric TLD as an IP address.
- Target version changed from 1.4.29 to 1.4.x
If someone provides a sane patch to use a less restrictive check for hostnames given that a new config option is set, I will apply it.
Apart from that I think numeric DNS labels are just wrong (especially numeric TLDs).
btw: the http rfc links to other rfcs.
- Status changed from New to Patch Pending
- Target version changed from 1.4.x to 1.4.40
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)
server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"
defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.
For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.
To allow
- underscores in hostname
- hyphen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"
x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281
To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"
x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330
To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)
x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016
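An added example, not lighttpd's source and not part of the original thread: a simplified Host validator in C showing why a strict check rejects `nsd.geeks.42` (a numeric final label that is not part of a dotted-quad IPv4 literal) and what a relaxed mode like `server.http-parseopt-host-strict = "disable"` gives up. The names `host_ok` and `all_digits` and the exact rules are assumptions for illustration; ports and IPv6 literals are not handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Illustrative Host validator (hypothetical, not lighttpd code).
 * strict != 0: labels are letters/digits/hyphen, no hyphen at a label edge,
 *              and a host ending in an all-digit label must be an IPv4 literal.
 * strict == 0: additionally accepts '_', edge hyphens and all-numeric TLDs. */
static int all_digits(const char *s, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    return n > 0;
}

int host_ok(const char *host, int strict) {
    size_t len = strlen(host), nlabels = 0, numeric = 0;
    int last_numeric = 0, octets_ok = 1;
    if (len == 0 || len > 253) return 0;
    for (const char *p = host; ; ) {
        const char *dot = strchr(p, '.');
        size_t n = dot ? (size_t)(dot - p) : strlen(p);
        if (n == 0 || n > 63) return 0;          /* empty or oversized label */
        for (size_t i = 0; i < n; i++) {
            unsigned char c = (unsigned char)p[i];
            if (!isalnum(c) && c != '-' && !(c == '_' && !strict)) return 0;
        }
        if (strict && (p[0] == '-' || p[n - 1] == '-')) return 0;
        last_numeric = all_digits(p, n);
        if (last_numeric) {
            int v = 0;                           /* octet range check, 0..255 */
            numeric++;
            for (size_t i = 0; i < n && i < 4; i++) v = v * 10 + (p[i] - '0');
            if (n > 3 || v > 255) octets_ok = 0;
        }
        nlabels++;
        if (!dot) break;
        p = dot + 1;
    }
    if (!strict || !last_numeric) return 1;
    /* Strict: a numeric final label is only valid inside a dotted quad. */
    return nlabels == 4 && numeric == 4 && octets_ok;
}
```

In relaxed mode a string such as `192.168.0.999` passes as a hostname with a numeric TLD, so anything downstream that keys virtual hosts or access rules on the Host value has to treat "looks like an IP" and "is an IP" as separate questions.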