Opened 4 years ago

Closed 3 years ago

#1031 closed defect (fixed)

nginx return 416 error if client set Range header and requested file < 2 byte.

Reported by: lefoyer@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.10.x
Keywords: #range Cc:
uname -a: Linux hw-sld-prod-stor-002 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.10.1
built with OpenSSL 1.0.1t 3 May 2016
TLS SNI support enabled
configure arguments: --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/naxsi/naxsi_src --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-http_slice_module --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/headers-more-nginx-module --add-dynamic-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-auth-pam --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-cache-purge --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-dav-ext-module --add-dynamic-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-development-kit --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-echo --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx-fancyindex --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-push-stream-module --add-dynamic-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-lua --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-upload-progress --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-upstream-fair --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx_http_substitutions_filter_module --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-auth-ldap --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx_http_pinba_module --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/ngx_pagespeed --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-x-rid-header --add-module=/var/lib/repo/mini-dinstall/incoming/nginx-1.10.1/debian/modules/nginx-rtmp-module --with-ld-opt=-lossp-uuid

Description

File do_not_delete.txt exist, size zero or 1 byte.

HEAD /do_not_delete.txt HTTP/1.1
Accept: */*
Host: example.com
Range: bytes=1-
Connection: close

Zero byte:
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Fri, 22 Jul 2016 09:11:07 GMT
Content-Type: text/html
Content-Length: 206
Connection: close
Content-Range: bytes */0

1 byte:
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Fri, 22 Jul 2016 09:29:23 GMT
Content-Type: text/html
Content-Length: 206
Connection: close
Content-Range: bytes */1

2 byte:
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 22 Jul 2016 09:30:16 GMT
Content-Type: text/plain
Content-Length: 1
Last-Modified: Fri, 22 Jul 2016 09:30:09 GMT
Connection: close
ETag: "5791e7a1-2"
Content-Range: bytes 1-1/2

If file not exist all good = 404

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Jul 2016 09:23:35 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Vary: Accept-Encoding

If request:

HEAD /do_not_delete.txt HTTP/1.1
Accept: */*
Host: example.com
Range: bytes=1-100
Connection: close

file size 2 byte:
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 22 Jul 2016 09:30:16 GMT
Content-Type: text/plain
Content-Length: 1
Last-Modified: Fri, 22 Jul 2016 09:30:09 GMT
Connection: close
ETag: "5791e7a1-2"
Content-Range: bytes 1-1/2

Change History (7)

comment:1 by lefoyer@…, 4 years ago

Sorry, problem only if file zero size.

HEAD /do_not_delete.txt HTTP/1.1
Accept: */*
Host: example.com
Range: bytes=0-
Connection: close

file 1 byte ok:
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 22 Jul 2016 09:51:03 GMT
Content-Type: text/plain
Content-Length: 1
Last-Modified: Fri, 22 Jul 2016 09:50:59 GMT
Connection: close
ETag: "5791ec83-1"
Content-Range: bytes 0-0/1

file 0 byte bad:
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Fri, 22 Jul 2016 09:53:45 GMT
Content-Type: text/html
Content-Length: 206
Connection: close
Content-Range: bytes */0

comment:2 by Maxim Dounin, 4 years ago

What makes you think that the current behaviour is invalid?
Quoting RFC 2616:

If a syntactically valid byte-range-set includes at least one byte-
range-spec whose first-byte-pos is less than the current length of
the entity-body, or at least one suffix-byte-range-spec with a non-
zero suffix-length, then the byte-range-set is satisfiable.
Otherwise, the byte-range-set is unsatisfiable. If the byte-range-set
is unsatisfiable, the server SHOULD return a response with a status
of 416 (Requested range not satisfiable).

comment:3 by Maxim Dounin, 4 years ago

Resolution: invalid
Status: newclosed

Feedback timeout.

comment:4 by Maxim Dounin, 3 years ago

Resolution: invalid
Status: closedreopened

It looks like returning 416 makes things at least inconvenient for the slice filter, see this thread.

Also, the standards wording seems to be changed from "[satisfiable if] at least one first-byte-pos ... less than the current length" in RFC 2616 to "[unsatisfiable if] first-byte-pos of all ... greater than the current length" in RFC 7233:

For byte ranges, failing to overlap the current extent means that the
first-byte-pos of all of the byte-range-spec values were greater than
the current length of the selected representation.

It might worth to change the behaviour to return 200 or 206 with an empty range when a 0-byte file is requested.

comment:5 by Maxim Dounin, 3 years ago

The wording in the above quote from RFC 7233 seems to be accidental, in the earlier part it says nearly the same as RFC 2616:

If a valid byte-range-set includes at least one byte-range-spec with
a first-byte-pos that is less than the current length of the
representation, or at least one suffix-byte-range-spec with a
non-zero suffix-length, then the byte-range-set is satisfiable.
Otherwise, the byte-range-set is unsatisfiable.

Note well that it is not possible to return an empty range, as Content-Range header does not allow it. So the only options is to return 416 or 200. Still, 200 looks like a better option than 416 in the case of an empty file.

comment:6 by Maxim Dounin <mdounin@…>, 3 years ago

In 7043:aeaac3ccee4f/nginx:

Range filter: allowed ranges on empty files (ticket #1031).

As per RFC 2616 / RFC 7233, any range request to an empty file
is expected to result in 416 Range Not Satisfiable response, as
there cannot be a "byte-range-spec whose first-byte-pos is less
than the current length of the entity-body". On the other hand,
this makes use of byte-range requests inconvenient in some cases,
as reported for the slice module here:

http://mailman.nginx.org/pipermail/nginx-devel/2017-June/010177.html

This commit changes range filter to instead return 200 if the file
is empty and the range requested starts at 0.

comment:7 by Maxim Dounin, 3 years ago

Resolution: fixed
Status: reopenedclosed
Note: See TracTickets for help on using tickets.