nginx 400 error when username included in the uri

mike mike503 at
Thu Aug 21 02:43:59 MSD 2008

isn't http://user:password@host now deprecated?

only IE supports that now pre-SP2 / patched right?

(not that i agree with it, but afaik it is not in RFC spec)

originally i had thought there was a generic URI RFC spec


where scheme can be telnet, ssh, http, https, scp, fastcgi, whatever
the programs require...

On 8/20/08, Michael Ching <michaelc at> wrote:
> Igor Sysoev wrote:
> > This patch ignores  user only in "http://user@host".
> > Should password in "http://user:password@host" be ignored too ?
> >
> >
> Thank you for taking a look.  You raise a good point.  More generally, it
> would also error if the username included any characters invalid for a
> hostname.  Working on a more complete fix.

More information about the nginx mailing list