[patch] reject http header without colon (:) in the header name
Roman Arutyunyan
arut at nginx.com
Mon May 13 07:18:18 UTC 2024
Hi,
On Tue, May 07, 2024 at 05:58:34PM -0400, Ben Kallus wrote:
> Nginx is the only widely-used HTTP server that ignores invalid
> field-lines. This behavior makes it trivial to fingerprint.

A simple test shows that Google server gws does the same.

> I never reported this in the past because I assumed Maxim wouldn't
> care about that sort of thing. Now that he's out of the picture, maybe
> others will see things differently?
>
> -Ben
--
Roman Arutyunyan