Actions
server.http-parseopts option¶
server.http-parseopts¶
HTTP request parsing and normalization options (since 1.4.50)
- any url-normalize* option enabled results in:
- uppercase %XX percent-encodings
- percent-encode any chars not in unreserved or reserved sets (RFC 3986)
- "url-normalize" => "enable"
- equivalent to "url-normalize-unreserved" and "url-path-2f-decode"
- "url-normalize-unreserved" => "enable"
- decode unreserved chars if percent-encoded (alphanumeric '-' '.' '_' '~')
- "url-normalize-required" => "enable"
- decode unreserved and reserved chars if percent-encoded (unreserved, delims, sub-delims)
- "url-ctrls-reject" => "enable"
- reject any percent-encoded control chars
- "url-path-backslash-trans" => "enable"
- translate backslash to slash (if lighttpd is running on Windows)
- "url-path-2f-decode" => "enable"
- translate %2F to /
- "url-path-2f-reject" => "enable"
- reject %2F
- "url-path-dotseg-remove" => "enable"
- resolve and remove "." and ".." path segments
- "url-path-dotseg-reject" => "enable"
- reject "." and ".." path segments
- "url-query-20-plus" => "enable"
- translate %20 to '+' in query-string (if present)
- "url-invalid-utf8-reject" => "enable" (since 1.4.65)
- reject invalid UTF-8 bytes
- "header-strict" => "enable"
- restrict chars permitted in HTTP request headers (overrides server.http-parseopt-header-strict)
- "host-strict" => "enable"
- restrict chars permitted in HTTP request Host header (overrides server.http-parseopt-host-strict)
- "host-normalize" => "enable"
- normalize HTTP Host header (overrides server.http-parseopt-host-normalize)
- "method-get-body" => "enable" (since 1.4.54)
- permit GET sent with request body (default: reject with 400 Bad Request)
Example¶
server.http-parseopts = ( "url-normalize" => "enable", ... )
Updated by gstrauss over 2 years ago · 3 revisions