Ticket #196 followup: disallow spaces in uri by default

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Ticket #196 followup: disallow spaces in uri by default

Lukas Tribus
Hello list,


in Ticket #196 [1], Maxim Dounin suggested that spaces in URI's could be disallowed by default.

As far as I can tell, current code still does not "disallow" those requests (not by default and not via specific configuration either), is that correct? Could this be improved, as per the suggestion in the ticket?

Nginx' behavior looks weird and inconsistent in case the HTTP request contains a unescaped "space followed by a uppercase H" and troubleshooting is more complicated because of it, take a look at this for example:

https://github.com/peeringdb/peeringdb/issues/132



cheers,
lukas

[1] https://trac.nginx.org/nginx/ticket/196
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ticket #196 followup: disallow spaces in uri by default

Maxim Dounin
Hello!

On Sat, Apr 08, 2017 at 07:26:01PM +0000, Lukas Tribus wrote:

> in Ticket #196 [1], Maxim Dounin suggested that spaces in URI's
> could be disallowed by default.
>
> As far as I can tell, current code still does not "disallow"
> those requests (not by default and not via specific
> configuration either), is that correct?

Yes.  There were no changes in this area.

> Could this be improved, as per the suggestion in the ticket?

I think it is something to be considered in 1.13.x timeframe, as
we have some plans to look into HTTP parser anyway.

I think the main question here: is it ok to just drop support for
spaces, or we have to introduce some option to preserve the old
behaviour.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Ticket #196 followup: disallow spaces in uri by default

Lukas Tribus
> I think the main question here: is it ok to just drop support for
> spaces, or we have to introduce some option to preserve the old
> behaviour.

My opinion: I think we will need the configuration knob, so there is time
to fix the problem, as a client bug is not always immediatly fixable.

Either that or we do it like Apache (returning file abc when the request
is GET /abc xyz HTTP/1.1), but that is still inconsistent and I don't like
it personally.


Thanks,
Lukas
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Loading...