Server http-parseoptsDetails » History » Revision 2
Revision 1 (gstrauss, 2018-08-13 00:20) → Revision 2/3 (gstrauss, 2019-05-27 20:51)
h1. server.http-parseopts option
h2. server.http-parseopts
HTTP request parsing and normalization options (since 1.4.50)
* any url-normalize* option enabled results in:
** uppercase %XX percent-encodings
** percent-encode any chars not in unreserved or reserved sets (RFC 3986)
* "url-normalize" => "enable"
** equivalent to "url-normalize-unreserved" and "url-path-2f-decode"
* "url-normalize-unreserved" => "enable"
** decode unreserved chars if percent-encoded (alphanumeric '-' '.' '_' '~')
* "url-normalize-required" => "enable"
** decode unreserved and reserved chars if percent-encoded (unreserved, delims, sub-delims)
* "url-ctrls-reject" => "enable"
** reject any percent-encoded control chars
* "url-path-backslash-trans" => "enable"
** translate backslash to slash (if lighttpd is running on Windows)
* "url-path-2f-decode" => "enable"
** translate %2F to /
* "url-path-2f-reject" => "enable"
** reject %2F
* "url-path-dotseg-remove" => "enable"
** resolve and remove "." and ".." path segments
* "url-path-dotseg-reject" => "enable"
** reject "." and ".." path segments
* "url-query-20-plus" => "enable"
** translate %20 to '+' in query-string (if present)
* "header-strict" => "enable"
** restrict chars permitted in HTTP request headers (overrides server.http-parseopt-header-strict)
* "host-strict" => "enable"
** restrict chars permitted in HTTP request Host header (overrides server.http-parseopt-host-strict)
* "host-normalize" => "enable"
** normalize HTTP Host header (overrides server.http-parseopt-host-normalize)
* "method-get-body" => "enable" (since 1.4.54)
** permit GET sent with request body (default: reject with 400 Bad Request)
h3. Example
<pre>
server.http-parseopts = ( "url-normalize" => "enable", ... )
</pre>