Empty host header on http 1.1 results in invalid host header logging in error.log
Maxim Dounin
mdounin at mdounin.ru
Wed Jul 22 18:18:34 UTC 2015
Hello!
On Wed, Jul 22, 2015 at 06:53:13AM +0200, Bart Warmerdam wrote:
> Why does nginx logs an info log a message like ...client sent invalid host
> header while reading client request headers... request: "GET /keepalive.html
> HTTP/1.1", host: ""
> if the host header is empty. According to the http 1.1 specification it is
> legal to send an empty host header so it should not log this message since
> the header is not invalid. So the requests contains the host header but
> without a value. The call also results in a 400 instead of a 2xx or 3xx
> response.
Empty host names are illegal as per RFC 2616 and RFC 2396 it uses
to define URIs.
http://tools.ietf.org/html/rfc2616#section-14.23:
Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
http://tools.ietf.org/html/rfc2396#section-3.2.2:
host = hostname | IPv4address
hostname = *( domainlabel "." ) toplabel [ "." ]
domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
toplabel = alpha | alpha *( alphanum | "-" ) alphanum
IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
Empty host names are only allowed as per newer RFC 3986. This is
not something nginx was adapted to allow though. May be it
should.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list