Re: [PATCH] Add strict Host validation

2015-01-13 Thread Gena Makhomed
On 13.01.2015 14:39, Ruslan Ermilov wrote: $ curl -I nginx.org -H"Host: \$" curl: (52) Empty reply from server You cannot possibly tell me that's correct and/or expected behavior? And that's not even a control character. That's because this site is configured to reject unknown server names, l

Re: [PATCH] Add strict Host validation

2015-01-13 Thread Sergey Budnevitch
> On 13 Jan 2015, at 02:45, Piotr Sikora wrote:
>
> $ curl -I nginx.org -H"Host: \$"
> curl: (52) Empty reply from server
>
> You cannot possibly tell me that's correct and/or expected behavior?
> And that's not even a control character.

Yes, that is expected behaviour, from nginx.conf: serve

Re: [PATCH] Add strict Host validation

2015-01-13 Thread Ruslan Ermilov
On Mon, Jan 12, 2015 at 03:45:03PM -0800, Piotr Sikora wrote:
> Hey Maxim,
>
> > I still think it's a "no". If needed, allowed characters can be
> > easily restricted by a configuration.
>
> Just to make a point:
>
> $ curl -I nginx.org
> HTTP/1.1 200 OK
> Server: nginx/1.7.7
> Date: Mon, 12 Ja

Re: [PATCH] Add strict Host validation

2015-01-12 Thread Piotr Sikora
Hey Maxim,

> I still think it's a "no". If needed, allowed characters can be
> easily restricted by a configuration.

Just to make a point:

$ curl -I nginx.org
HTTP/1.1 200 OK
Server: nginx/1.7.7
Date: Mon, 12 Jan 2015 23:42:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8981
Last

Re: [PATCH] Add strict Host validation

2015-01-12 Thread Maxim Dounin
Hello!

On Mon, Jan 05, 2015 at 02:12:04PM -0800, Piotr Sikora wrote:
> Hey Maxim,
>
> > While I agree that there is no real reason for forbidding some of
> > those characters, I think that Host still should be restricted to at
> > least printable ASCII characters (minus space and path separators

Re: [PATCH] Add strict Host validation

2015-01-05 Thread Piotr Sikora
Hey Maxim,

> While I agree that there is no real reason for forbidding some of
> those characters, I think that Host still should be restricted to at
> least printable ASCII characters (minus space and path separators).
>
> I can't think of any reason why would you intentionally allow
> control
> ch

Re: [PATCH] Add strict Host validation

2014-12-20 Thread Piotr Sikora
Hey Andrey,

> In what part of ASCII table?

US-ASCII, i.e. printable characters are 0x20-0x7E.

> What about host names in national alphabets?

They are not transmitted as such, see RFC3492 (Punycode) and RFC5891 (IDNA).

Best regards,
Piotr Sikora

RE: [PATCH] Add strict Host validation

2014-12-20 Thread Lukas Tribus
> I can't think of any reason why would you intentionally allow
> control characters in there.

I fully agree.

> What about host names in national alphabets?

It's not in the standard, to what end exactly would we allow such characters? It will just encourage users to use non-standard hostname w

Re: [PATCH] Add strict Host validation

2014-12-20 Thread Andrey Kulikov
On 20 December 2014 at 00:08, Piotr Sikora wrote: > I think that Host still should be restricted to at > least printable ASCII > In what part of ASCII table? What about host names in national alphabets?

Re: [PATCH] Add strict Host validation

2014-12-19 Thread Piotr Sikora
Hey Maxim,

> I don't think we should further restrict allowed hostnames solely
> based on what current edition of standard says. We are more or
> less liberal here, allowing various experiments - and I don't
> think this should be changed without a good reason.

While I agree that there is no rea

Re: [PATCH] Add strict Host validation

2014-12-19 Thread Maxim Dounin
Hello!

On Wed, Dec 17, 2014 at 06:48:37PM -0800, Piotr Sikora wrote:
> # HG changeset patch
> # User Piotr Sikora
> # Date 1418870862 28800
> # Wed Dec 17 18:47:42 2014 -0800
> # Node ID ab0442e232ce098438943a77422d8a04cc5b6790
> # Parent 99751fe3bc3b285801b434f7f707d87fa42b093e
> Add stri

[PATCH] Add strict Host validation

2014-12-17 Thread Piotr Sikora
# HG changeset patch
# User Piotr Sikora
# Date 1418870862 28800
# Wed Dec 17 18:47:42 2014 -0800
# Node ID ab0442e232ce098438943a77422d8a04cc5b6790
# Parent 99751fe3bc3b285801b434f7f707d87fa42b093e
Add strict Host validation.
According to RFC3986, Host is a sequence of printable ASCII char