Opened 8 years ago
Closed 7 years ago
#1031 closed defect (fixed)
nginx return 416 error if client set Range header and requested file < 2 byte.
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.10.x |
| Keywords: | #range | Cc: | |
| uname -a: | Linux hw-sld-prod-stor-002 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29) x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.10.1
built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/naxsi/naxsi_src --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-http_slice_module --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/headers-more-nginx-module --add-dynamic-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-auth-pam --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-cache-purge --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-dav-ext-module --add-dynamic-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-development-kit --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-echo --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx-fancyindex --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-push-stream-module --add-dynamic-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-lua --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-upload-progress --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-upstream-fair --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx_http_substitutions_filter_module --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-auth-ldap --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx_http_pinba_module --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx_pagespeed --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-x-rid-header --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-rtmp-module --with-ld-opt=-lossp-uuid |
||
Description
File do_not_delete.txt exist, size zero or 1 byte.
HEAD /do_not_delete.txt HTTP/1.1
Accept: */*
Host: example.com
Range: bytes=1-
Connection: close
Zero byte:
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Fri, 22 Jul 2016 09:11:07 GMT
Content-Type: text/html
Content-Length: 206
Connection: close
Content-Range: bytes */0
1 byte:
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Fri, 22 Jul 2016 09:29:23 GMT
Content-Type: text/html
Content-Length: 206
Connection: close
Content-Range: bytes */1
2 byte:
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 22 Jul 2016 09:30:16 GMT
Content-Type: text/plain
Content-Length: 1
Last-Modified: Fri, 22 Jul 2016 09:30:09 GMT
Connection: close
ETag: "5791e7a1-2"
Content-Range: bytes 1-1/2
If file not exist all good = 404
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Jul 2016 09:23:35 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Vary: Accept-Encoding
If request:
HEAD /do_not_delete.txt HTTP/1.1
Accept: */*
Host: example.com
Range: bytes=1-100
Connection: close
file size 2 byte:
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 22 Jul 2016 09:30:16 GMT
Content-Type: text/plain
Content-Length: 1
Last-Modified: Fri, 22 Jul 2016 09:30:09 GMT
Connection: close
ETag: "5791e7a1-2"
Content-Range: bytes 1-1/2
Change History (7)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
What makes you think that the current behaviour is invalid?
Quoting RFC 2616:
If a syntactically valid byte-range-set includes at least one byte-
range-spec whose first-byte-pos is less than the current length of
the entity-body, or at least one suffix-byte-range-spec with a non-
zero suffix-length, then the byte-range-set is satisfiable.
Otherwise, the byte-range-set is unsatisfiable. If the byte-range-set
is unsatisfiable, the server SHOULD return a response with a status
of 416 (Requested range not satisfiable).
comment:4 by , 7 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
It looks like returning 416 makes things at least inconvenient for the slice filter, see this thread.
Also, the standards wording seems to be changed from "[satisfiable if] at least one first-byte-pos ... less than the current length" in RFC 2616 to "[unsatisfiable if] first-byte-pos of all ... greater than the current length" in RFC 7233:
For byte ranges, failing to overlap the current extent means that the
first-byte-pos of all of the byte-range-spec values were greater than
the current length of the selected representation.
It might worth to change the behaviour to return 200 or 206 with an empty range when a 0-byte file is requested.
comment:5 by , 7 years ago
The wording in the above quote from RFC 7233 seems to be accidental, in the earlier part it says nearly the same as RFC 2616:
If a valid byte-range-set includes at least one byte-range-spec with
a first-byte-pos that is less than the current length of the
representation, or at least one suffix-byte-range-spec with a
non-zero suffix-length, then the byte-range-set is satisfiable.
Otherwise, the byte-range-set is unsatisfiable.
Note well that it is not possible to return an empty range, as Content-Range header does not allow it. So the only options is to return 416 or 200. Still, 200 looks like a better option than 416 in the case of an empty file.
comment:7 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Sorry, problem only if file zero size.
HEAD /do_not_delete.txt HTTP/1.1
Accept: */*
Host: example.com
Range: bytes=0-
Connection: close
file 1 byte ok:
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 22 Jul 2016 09:51:03 GMT
Content-Type: text/plain
Content-Length: 1
Last-Modified: Fri, 22 Jul 2016 09:50:59 GMT
Connection: close
ETag: "5791ec83-1"
Content-Range: bytes 0-0/1
file 0 byte bad:
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Fri, 22 Jul 2016 09:53:45 GMT
Content-Type: text/html
Content-Length: 206
Connection: close
Content-Range: bytes */0