[PATCH] Add strict Host validation

Maxim Dounin mdounin at mdounin.ru
Mon Jan 12 12:36:22 UTC 2015


On Mon, Jan 05, 2015 at 02:12:04PM -0800, Piotr Sikora wrote:

> Hey Maxim,
> > While I agree that there is no real reason for forbidding some of
> > those characters, I think that Host still should be restricted to at
> > least printable ASCII characters (minus space and path separators).
> >
> > I can't think of any reason why would you intentionally allow control
> > characters in there.
> Ping... or is it still a "no"?

I still think it's a "no".  If needed, allowed characters can be 
easily restricted by a configuration.

Maxim Dounin

More information about the nginx-devel mailing list