[PATCH 1 of 2] Rewritten host header validation to follow generic parsing rules
J Carter
jordanc.carter at outlook.com
Tue May 28 11:53:46 UTC 2024
Hello Sergey,
On Mon, 27 May 2024 14:21:43 +0400
Sergey Kandaurov <pluknet at nginx.com> wrote:
> # HG changeset patch
> # User Sergey Kandaurov <pluknet at nginx.com>
> # Date 1716805272 -14400
> # Mon May 27 14:21:12 2024 +0400
> # Node ID e82a7318ed48fdbc1273771bc96357e9dc232975
> # Parent f58b6f6362387eeace46043a6fc0bceb56a6786a
> Rewritten host header validation to follow generic parsing rules.
>
> It now uses a generic model of state-based machine, with more strict
> parsing rules borrowed from ngx_http_validate_host(),
I think you mean "borrowed from ngx_http_parse_request_line()".
> with additional
> checks for double dots and stripping a port subcomponent.
>
> Notably, now a port subcomponent of the Host header is restricted
> to digits, using underscores in domain name labels is prohibited.
>
[...]
More information about the nginx-devel
mailing list